Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
JtDj8LXROa.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Eurofighter Typhoon Game 10.8.45\Eurofighter Typhoon Game 10.8.45.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-0GII4.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-45KG3.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-4D90I.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-4PF6P.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-8S82H.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-E99MS.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-F583D.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-HL3OV.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-J2GOF.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-JLHGP.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-MIIEA.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-OINQS.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-QL93H.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-QREK9.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-R0B0H.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-RT5D9.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-S3DSP.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-TITH4.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-U6VV1.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-UDOMJ.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libgcc_s_dw2-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libgdk-win32-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libgdk_pixbuf-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libgdkmm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libglibmm-2.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libgmodule-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libgobject-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libgomp-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libintl-8.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libjpeg-8.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\liblcms2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libpango-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libpangocairo-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libpangoft2-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libpangomm-1.4-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libpangowin32-1.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libpixman-1-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\librsvg-2-2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libsigc-2.0-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libtiff-5.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\uninstall\is-APE3N.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\uninstall\unins000.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-IEO87.tmp\_isetup\_RegDLL.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-IEO87.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-IEO87.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\eu108it45.dat
|
International EBCDIC text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\eu108rc45.dat
|
data
|
dropped
|
||
|
C:\ProgramData\eu108resa.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ProgramData\eu108resb.dat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-044SQ.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-3E0BT.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-4931H.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-FNN9L.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-KVJ9F.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-RD9OC.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-RTQN1.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Raff Txt To Sub\is-T9B97.tmp
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libgraphite2.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libharfbuzz-0.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Raff Txt To Sub\liblzma-5.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libpcre-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libpng16-16.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Raff Txt To Sub\libwinpthread-1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Raff Txt To Sub\uninstall\unins000.dat
|
InnoSetup Log Raff Txt To Sub, version 0x2a, 5653 bytes, 767668\user, "C:\Users\user\AppData\Local\Raff Txt To Sub"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Raff Txt To Sub\zlib1.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-IEO87.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
There are 60 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\JtDj8LXROa.exe
|
"C:\Users\user\Desktop\JtDj8LXROa.exe"
|
|
|
|
C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe
|
"C:\Users\user\AppData\Local\Raff Txt To Sub\txttosub32_64.exe" -i
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp
|
"C:\Users\user\AppData\Local\Temp\is-GCHVL.tmp\is-3J7FL.tmp" /SL4 $10482 "C:\Users\user\Desktop\JtDj8LXROa.exe" 3710467 52224
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
dioimyp.info
|
|
||
|
http://dioimyp.info/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c446db22f31dfe339426fa11af66c156adb719a9577e55b8603e983a608cf715c1e69c9e3c
|
185.208.158.248
|
|
|
|
http://dioimyp.info/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ee94814a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b415e96cc92be510b866db52b2e34ae84c2b14a82966836f23d7f210c7ed9d9e3ac4669211
|
185.208.158.248
|
|
|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://tukaani.org/
|
unknown
|
||
|
http://tukaani.org/xz/
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82d
|
unknown
|
||
|
http://mingw-w64.sourceforge.net/X
|
unknown
|
||
|
http://185.208.158.248/
|
unknown
|
||
|
http://www.remobjects.com/?ps
|
unknown
|
||
|
http://185.208.158.248/search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86ee948
|
unknown
|
||
|
http://fsf.org/
|
unknown
|
||
|
http://www.innosetup.com
|
unknown
|
||
|
http://www.innosetup.comDVarFileInfo$
|
unknown
|
||
|
http://www.gnu.org/licenses/
|
unknown
|
||
|
http://www.remobjects.com/?psU
|
unknown
|
There are 6 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
dioimyp.info
|
185.208.158.248
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.208.158.248
|
dioimyp.info
|
Switzerland
|
|
|
|
89.105.201.183
|
unknown
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Raff Txt To Sub_is1
|
Inno Setup: Setup Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Raff Txt To Sub_is1
|
Inno Setup: App Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Raff Txt To Sub_is1
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Raff Txt To Sub_is1
|
Inno Setup: Icon Group
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Raff Txt To Sub_is1
|
Inno Setup: User
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Raff Txt To Sub_is1
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Raff Txt To Sub_is1
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Raff Txt To Sub_is1
|
QuietUninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Raff Txt To Sub_is1
|
NoModify
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Raff Txt To Sub_is1
|
NoRepair
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BetaTour
|
eurofighter_typhoon_game_i45_2
|
There are 1 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2CE3000
|
heap
|
page read and write
|
|
|
|
2D91000
|
direct allocation
|
page execute and read and write
|
|
|
|
27FF000
|
stack
|
page read and write
|
||
|
2800000
|
heap
|
page read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
2CDE000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4F88000
|
direct allocation
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
5A3000
|
unkown
|
page execute and write copy
|
||
|
5B1000
|
unkown
|
page execute and write copy
|
||
|
34CE000
|
stack
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
2288000
|
direct allocation
|
page read and write
|
||
|
4B0E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2074000
|
direct allocation
|
page read and write
|
||
|
19E000
|
stack
|
page read and write
|
||
|
2320000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4DFC000
|
direct allocation
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
4DEE000
|
direct allocation
|
page read and write
|
||
|
4E60000
|
direct allocation
|
page read and write
|
||
|
332D000
|
stack
|
page read and write
|
||
|
3230000
|
direct allocation
|
page read and write
|
||
|
4DF0000
|
direct allocation
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
2088000
|
direct allocation
|
page read and write
|
||
|
4EC0000
|
direct allocation
|
page read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
227C000
|
direct allocation
|
page read and write
|
||
|
4E06000
|
direct allocation
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
37D6000
|
heap
|
page read and write
|
||
|
429000
|
heap
|
page read and write
|
||
|
2288000
|
direct allocation
|
page read and write
|
||
|
A10000
|
direct allocation
|
page read and write
|
||
|
770000
|
direct allocation
|
page execute and read and write
|
||
|
24F1000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
272E000
|
heap
|
page read and write
|
||
|
A5E000
|
stack
|
page read and write
|
||
|
5A1000
|
unkown
|
page execute and write copy
|
||
|
890000
|
direct allocation
|
page read and write
|
||
|
2276000
|
direct allocation
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
4DE6000
|
direct allocation
|
page read and write
|
||
|
4E04000
|
direct allocation
|
page read and write
|
||
|
80F000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
B21000
|
heap
|
page read and write
|
||
|
25E0000
|
direct allocation
|
page read and write
|
||
|
72C000
|
unkown
|
page readonly
|
||
|
339F000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
664000
|
unkown
|
page readonly
|
||
|
4DFE000
|
direct allocation
|
page read and write
|
||
|
490000
|
unkown
|
page write copy
|
||
|
730000
|
heap
|
page read and write
|
||
|
2370000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
23F5000
|
heap
|
page read and write
|
||
|
30DE000
|
stack
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
4E14000
|
direct allocation
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
370F000
|
stack
|
page read and write
|
||
|
345E000
|
heap
|
page read and write
|
||
|
193000
|
stack
|
page read and write
|
||
|
4E10000
|
direct allocation
|
page read and write
|
||
|
7CD000
|
heap
|
page read and write
|
||
|
2320000
|
direct allocation
|
page read and write
|
||
|
24D0000
|
heap
|
page read and write
|
||
|
410000
|
unkown
|
page readonly
|
||
|
7D1000
|
heap
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
8A0000
|
direct allocation
|
page read and write
|
||
|
23F9000
|
heap
|
page read and write
|
||
|
4C60000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2265000
|
direct allocation
|
page read and write
|
||
|
18D000
|
stack
|
page read and write
|
||
|
8C5000
|
heap
|
page read and write
|
||
|
5FE000
|
unkown
|
page write copy
|
||
|
8B0000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7BC000
|
heap
|
page read and write
|
||
|
78E000
|
heap
|
page read and write
|
||
|
340E000
|
heap
|
page read and write
|
||
|
48D000
|
unkown
|
page read and write
|
||
|
599000
|
unkown
|
page execute and write copy
|
||
|
A70000
|
heap
|
page read and write
|
||
|
2138000
|
direct allocation
|
page read and write
|
||
|
322E000
|
stack
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
2410000
|
direct allocation
|
page read and write
|
||
|
49CE000
|
stack
|
page read and write
|
||
|
28B0000
|
trusted library allocation
|
page read and write
|
||
|
3454000
|
heap
|
page read and write
|
||
|
5F9000
|
unkown
|
page readonly
|
||
|
2081000
|
direct allocation
|
page read and write
|
||
|
49D000
|
unkown
|
page readonly
|
||
|
850000
|
heap
|
page read and write
|
||
|
307F000
|
stack
|
page read and write
|
||
|
4E16000
|
direct allocation
|
page read and write
|
||
|
285C000
|
stack
|
page read and write
|
||
|
5B3000
|
unkown
|
page execute and write copy
|
||
|
2070000
|
direct allocation
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
34AF000
|
stack
|
page read and write
|
||
|
B6E000
|
heap
|
page read and write
|
||
|
B49000
|
heap
|
page read and write
|
||
|
5FC000
|
unkown
|
page write copy
|
||
|
A78000
|
heap
|
page read and write
|
||
|
346E000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
49D000
|
unkown
|
page readonly
|
||
|
25E9000
|
direct allocation
|
page read and write
|
||
|
33AE000
|
stack
|
page read and write
|
||
|
58D000
|
unkown
|
page execute and write copy
|
||
|
8B2000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute and write copy
|
||
|
B27000
|
heap
|
page read and write
|
||
|
605000
|
unkown
|
page readonly
|
||
|
48D000
|
unkown
|
page write copy
|
||
|
2288000
|
direct allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
4DFA000
|
direct allocation
|
page read and write
|
||
|
2F7E000
|
stack
|
page read and write
|
||
|
24CE000
|
stack
|
page read and write
|
||
|
21D0000
|
heap
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
3472000
|
heap
|
page read and write
|
||
|
40C000
|
unkown
|
page write copy
|
||
|
326E000
|
stack
|
page read and write
|
||
|
2680000
|
direct allocation
|
page read and write
|
||
|
4ACE000
|
stack
|
page read and write
|
||
|
5AD000
|
unkown
|
page execute and write copy
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
336F000
|
stack
|
page read and write
|
||
|
360E000
|
stack
|
page read and write
|
||
|
2081000
|
direct allocation
|
page read and write
|
||
|
4C60000
|
direct allocation
|
page read and write
|
||
|
583000
|
unkown
|
page execute and write copy
|
||
|
26F0000
|
heap
|
page read and write
|
||
|
2298000
|
direct allocation
|
page read and write
|
||
|
2670000
|
heap
|
page read and write
|
||
|
2390000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2374000
|
heap
|
page read and write
|
||
|
2268000
|
direct allocation
|
page read and write
|
||
|
3242000
|
direct allocation
|
page read and write
|
||
|
33C7000
|
heap
|
page read and write
|
||
|
35CF000
|
stack
|
page read and write
|
||
|
4DD1000
|
direct allocation
|
page read and write
|
||
|
2DCA000
|
direct allocation
|
page execute and read and write
|
||
|
3392000
|
heap
|
page read and write
|
||
|
23F0000
|
heap
|
page read and write
|
||
|
2260000
|
direct allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
4C0F000
|
stack
|
page read and write
|
||
|
78A000
|
heap
|
page read and write
|
||
|
2F3B000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3230000
|
direct allocation
|
page read and write
|
||
|
270A000
|
heap
|
page read and write
|
||
|
2094000
|
direct allocation
|
page read and write
|
||
|
42E000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page execute and read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
59B000
|
unkown
|
page execute and write copy
|
||
|
2288000
|
direct allocation
|
page read and write
|
||
|
B68000
|
heap
|
page read and write
|
||
|
3710000
|
heap
|
page read and write
|
||
|
597000
|
unkown
|
page execute and write copy
|
||
|
226C000
|
direct allocation
|
page read and write
|
||
|
31DF000
|
stack
|
page read and write
|
||
|
10002000
|
unkown
|
page readonly
|
||
|
58B000
|
unkown
|
page execute and write copy
|
||
|
400000
|
unkown
|
page readonly
|
||
|
410000
|
unkown
|
page readonly
|
There are 176 hidden memdumps, click here to show them.