Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\Public\Netstat\PCICL32.DLL
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Netstat\TCCTL32.DLL
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Netstat\netsup.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\Public\Netstat\pcicapi.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Netstat\remcmdstub.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Netstat\shv.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Netstat\HTCTL32.DLL
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\Public\Netstat\NSM.LIC
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Netstat\PCICHEK.DLL
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\Public\Netstat\client32.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Netstat\msvcr100.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\Public\Netstat\nskbfltr.inf
|
Windows setup INFormation
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\loca[1].htm
|
ASCII text, with no line terminators
|
modified
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Netstat\netsup.bat" "
|
|
|
|
C:\Windows\System32\reg.exe
|
REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Netstat" /t REG_SZ /F /D "C:\Users\Public\Netstat\shv.exe"
|
|
|
|
C:\Windows\System32\reg.exe
|
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Netstat" /t REG_SZ /F /D "C:\Users\Public\Netstat\shv.exe"
|
|
|
|
C:\Users\Public\Netstat\shv.exe
|
C:\Users\Public\Netstat\shv.exe
|
|
|
|
C:\Windows\System32\reg.exe
|
REG ADD "HKCU\SOFTWARE\Software\Supservice\Run" /V "Netstat" /t REG_SZ /F /D "C:\Users\Public\Netstat\shv.exe"
|
|
|
|
C:\Windows\System32\reg.exe
|
REG ADD "HKCU\SOFTWARE\Software\Supservice\Run" /V "Netstat" /t REG_SZ /F /D "C:\Users\Public\Netstat\shv.exe"
|
|
|
|
C:\Users\Public\Netstat\shv.exe
|
C:\Users\Public\Netstat\shv.exe
|
|
|
|
C:\Users\Public\Netstat\shv.exe
|
"C:\Users\Public\Netstat\shv.exe"
|
|
|
|
C:\Users\Public\Netstat\shv.exe
|
"C:\Users\Public\Netstat\shv.exe"
|
|
|
|
C:\Users\Public\Netstat\shv.exe
|
"C:\Users\Public\Netstat\shv.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://45.61.128.74/fakeurl.htm
|
45.61.128.74
|
|
|
|
http://www.pci.co.uk/support
|
unknown
|
||
|
http://%s/testpage.htmwininet.dll
|
unknown
|
||
|
http://geo.netsupportsoftware.com/location/loca.aspc
|
unknown
|
||
|
http://geo.netsupportsoftware.com/location/loca.asp
|
104.26.0.231
|
||
|
http://geo.netsupportsoftware.com/location/loca.aspSetChannel(%s)
|
unknown
|
||
|
http://www.pci.co.uk/supportsupport
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
http://127.0.0.1RESUMEPRINTING
|
unknown
|
||
|
http://%s/testpage.htm
|
unknown
|
||
|
http://geo.netsupportsoftware.com/location/loca.asp0
|
unknown
|
||
|
http://geo.netsupportsoftware.com/location/loca.aspU
|
unknown
|
||
|
http://www.netsupportschool.com/tutor-assistant.asp11(
|
unknown
|
||
|
http://127.0.0.1
|
unknown
|
||
|
http://geo.netsupportsoftware.com/location/loca.aspi
|
unknown
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
||
|
http://www.netsupportschool.com/tutor-assistant.asp
|
unknown
|
||
|
http://%s/fakeurl.htm
|
unknown
|
There are 8 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
geo.netsupportsoftware.com
|
104.26.0.231
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.61.128.74
|
unknown
|
United States
|
|
|
|
104.26.0.231
|
geo.netsupportsoftware.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Netstat
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\WinRAR SFX
|
C%%Users%Public%Netstat%
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Netstat
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Software\Supservice\Run
|
Netstat
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF70E7DB000
|
unkown
|
page read and write
|
||
|
70036000
|
unkown
|
page read and write
|
||
|
6D20E000
|
unkown
|
page read and write
|
||
|
229E5330000
|
heap
|
page read and write
|
||
|
17DF000
|
stack
|
page read and write
|
||
|
AB1000
|
unkown
|
page execute read
|
||
|
3330000
|
heap
|
page read and write
|
||
|
1478000
|
heap
|
page read and write
|
||
|
229E5457000
|
heap
|
page read and write
|
||
|
229E545D000
|
heap
|
page read and write
|
||
|
10C8000
|
heap
|
page read and write
|
||
|
1490000
|
heap
|
page read and write
|
||
|
121E000
|
stack
|
page read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
5D7C000
|
stack
|
page read and write
|
||
|
229E7464000
|
heap
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
74A90000
|
unkown
|
page readonly
|
||
|
229E541E000
|
heap
|
page read and write
|
||
|
14AE000
|
stack
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
112B3000
|
unkown
|
page readonly
|
||
|
130F000
|
heap
|
page read and write
|
||
|
229E53E5000
|
heap
|
page read and write
|
||
|
136B000
|
heap
|
page read and write
|
||
|
1316000
|
heap
|
page read and write
|
||
|
6E5A4000
|
unkown
|
page read and write
|
||
|
131C000
|
heap
|
page read and write
|
||
|
1298000
|
heap
|
page read and write
|
||
|
112AC000
|
unkown
|
page readonly
|
||
|
307E000
|
stack
|
page read and write
|
||
|
229E74A2000
|
heap
|
page read and write
|
||
|
AB1000
|
unkown
|
page execute read
|
||
|
74A91000
|
unkown
|
page execute read
|
||
|
6E5A6000
|
unkown
|
page write copy
|
||
|
145B000
|
stack
|
page read and write
|
||
|
229E5462000
|
heap
|
page read and write
|
||
|
111F0000
|
unkown
|
page read and write
|
||
|
70030000
|
unkown
|
page readonly
|
||
|
136C000
|
stack
|
page read and write
|
||
|
1335000
|
heap
|
page read and write
|
||
|
129E000
|
stack
|
page read and write
|
||
|
1362000
|
heap
|
page read and write
|
||
|
15AF000
|
stack
|
page read and write
|
||
|
229E76A8000
|
heap
|
page read and write
|
||
|
1C9A9430000
|
heap
|
page read and write
|
||
|
70030000
|
unkown
|
page readonly
|
||
|
229E76A5000
|
heap
|
page read and write
|
||
|
6E4F0000
|
unkown
|
page readonly
|
||
|
70030000
|
unkown
|
page readonly
|
||
|
112B3000
|
unkown
|
page readonly
|
||
|
229E540E000
|
heap
|
page read and write
|
||
|
1720000
|
heap
|
page read and write
|
||
|
19F9FA04000
|
heap
|
page read and write
|
||
|
1132A000
|
unkown
|
page readonly
|
||
|
AB0000
|
unkown
|
page readonly
|
||
|
229E7665000
|
heap
|
page read and write
|
||
|
229E7250000
|
heap
|
page read and write
|
||
|
229E5725000
|
heap
|
page read and write
|
||
|
1710000
|
heap
|
page read and write
|
||
|
229E53E5000
|
heap
|
page read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
2D1B000
|
stack
|
page read and write
|
||
|
11287000
|
unkown
|
page readonly
|
||
|
3290000
|
heap
|
page read and write
|
||
|
591F000
|
stack
|
page read and write
|
||
|
70036000
|
unkown
|
page read and write
|
||
|
70044000
|
unkown
|
page readonly
|
||
|
6D210000
|
unkown
|
page readonly
|
||
|
229E74A1000
|
heap
|
page read and write
|
||
|
107E000
|
stack
|
page read and write
|
||
|
15E0000
|
heap
|
page read and write
|
||
|
229E53E7000
|
heap
|
page read and write
|
||
|
6E4F1000
|
unkown
|
page execute read
|
||
|
AB0000
|
unkown
|
page readonly
|
||
|
19F9F6D0000
|
heap
|
page read and write
|
||
|
74A90000
|
unkown
|
page readonly
|
||
|
229E7561000
|
heap
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
229E5441000
|
heap
|
page read and write
|
||
|
7FF70E7E4000
|
unkown
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
229E53C6000
|
heap
|
page read and write
|
||
|
111F6000
|
unkown
|
page readonly
|
||
|
27491160000
|
heap
|
page read and write
|
||
|
15E0000
|
heap
|
page read and write
|
||
|
229E5350000
|
heap
|
page read and write
|
||
|
111E1000
|
unkown
|
page read and write
|
||
|
386E000
|
stack
|
page read and write
|
||
|
27490F99000
|
heap
|
page read and write
|
||
|
7FF70E7EA000
|
unkown
|
page readonly
|
||
|
70044000
|
unkown
|
page readonly
|
||
|
19F9FA00000
|
heap
|
page read and write
|
||
|
2FCE000
|
stack
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
229E7664000
|
heap
|
page read and write
|
||
|
229E53EF000
|
heap
|
page read and write
|
||
|
229E957C000
|
heap
|
page read and write
|
||
|
229E5370000
|
heap
|
page read and write
|
||
|
12B9000
|
heap
|
page read and write
|
||
|
F0E000
|
stack
|
page read and write
|
||
|
111F0000
|
unkown
|
page read and write
|
||
|
229E53CC000
|
heap
|
page read and write
|
||
|
AB1000
|
unkown
|
page execute read
|
||
|
AB0000
|
unkown
|
page readonly
|
||
|
15FF000
|
heap
|
page read and write
|
||
|
1727000
|
heap
|
page read and write
|
||
|
6E5A4000
|
unkown
|
page read and write
|
||
|
F7A23FF000
|
stack
|
page read and write
|
||
|
6D1C0000
|
unkown
|
page readonly
|
||
|
70030000
|
unkown
|
page readonly
|
||
|
3390000
|
heap
|
page read and write
|
||
|
136B000
|
heap
|
page read and write
|
||
|
543E000
|
stack
|
page read and write
|
||
|
7FF70E7C8000
|
unkown
|
page readonly
|
||
|
229E53CD000
|
heap
|
page read and write
|
||
|
332F000
|
stack
|
page read and write
|
||
|
1302000
|
heap
|
page read and write
|
||
|
74A90000
|
unkown
|
page readonly
|
||
|
1336000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
70031000
|
unkown
|
page execute read
|
||
|
55C307F000
|
stack
|
page read and write
|
||
|
6E5A9000
|
unkown
|
page readonly
|
||
|
324E000
|
stack
|
page read and write
|
||
|
23F38150000
|
heap
|
page read and write
|
||
|
111F0000
|
unkown
|
page read and write
|
||
|
D9C000
|
stack
|
page read and write
|
||
|
229E75A1000
|
heap
|
page read and write
|
||
|
126C000
|
stack
|
page read and write
|
||
|
74A90000
|
unkown
|
page readonly
|
||
|
229E53D6000
|
heap
|
page read and write
|
||
|
6E4F0000
|
unkown
|
page readonly
|
||
|
112AC000
|
unkown
|
page readonly
|
||
|
AB1000
|
unkown
|
page execute read
|
||
|
1319000
|
heap
|
page read and write
|
||
|
229E53DA000
|
heap
|
page read and write
|
||
|
74A94000
|
unkown
|
page readonly
|
||
|
3168000
|
heap
|
page read and write
|
||
|
229E7254000
|
heap
|
page read and write
|
||
|
6E5A9000
|
unkown
|
page readonly
|
||
|
AB0000
|
unkown
|
page readonly
|
||
|
70031000
|
unkown
|
page execute read
|
||
|
3145000
|
heap
|
page read and write
|
||
|
229E541E000
|
heap
|
page read and write
|
||
|
11287000
|
unkown
|
page readonly
|
||
|
3340000
|
heap
|
page read and write
|
||
|
112DE000
|
unkown
|
page readonly
|
||
|
12B2000
|
heap
|
page read and write
|
||
|
127A000
|
heap
|
page read and write
|
||
|
7FF70E7EE000
|
unkown
|
page write copy
|
||
|
126E000
|
stack
|
page read and write
|
||
|
74A94000
|
unkown
|
page readonly
|
||
|
1290000
|
heap
|
page read and write
|
||
|
6E4F1000
|
unkown
|
page execute read
|
||
|
165E000
|
stack
|
page read and write
|
||
|
1590000
|
heap
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
27490F90000
|
heap
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
229E94E6000
|
heap
|
page read and write
|
||
|
23F385E0000
|
heap
|
page read and write
|
||
|
229E5720000
|
heap
|
page read and write
|
||
|
11000000
|
unkown
|
page readonly
|
||
|
229E540E000
|
heap
|
page read and write
|
||
|
3165000
|
heap
|
page read and write
|
||
|
133E000
|
heap
|
page read and write
|
||
|
23F38338000
|
heap
|
page read and write
|
||
|
134F000
|
heap
|
page read and write
|
||
|
229E9705000
|
heap
|
page read and write
|
||
|
12C8000
|
heap
|
page read and write
|
||
|
111E1000
|
unkown
|
page read and write
|
||
|
11001000
|
unkown
|
page execute read
|
||
|
1351000
|
heap
|
page read and write
|
||
|
419C000
|
stack
|
page read and write
|
||
|
1C9A9434000
|
heap
|
page read and write
|
||
|
16CE000
|
stack
|
page read and write
|
||
|
7FF70E7DB000
|
unkown
|
page write copy
|
||
|
AB1000
|
unkown
|
page execute read
|
||
|
1660000
|
heap
|
page read and write
|
||
|
74A94000
|
unkown
|
page readonly
|
||
|
23F38330000
|
heap
|
page read and write
|
||
|
3EAF000
|
stack
|
page read and write
|
||
|
12B7000
|
heap
|
page read and write
|
||
|
2D85000
|
heap
|
page read and write
|
||
|
229E5427000
|
heap
|
page read and write
|
||
|
1C9A93B0000
|
heap
|
page read and write
|
||
|
1125C000
|
unkown
|
page readonly
|
||
|
74A92000
|
unkown
|
page readonly
|
||
|
146F000
|
stack
|
page read and write
|
||
|
55C2D7D000
|
stack
|
page read and write
|
||
|
7FF70E7C8000
|
unkown
|
page readonly
|
||
|
229E5442000
|
heap
|
page read and write
|
||
|
229E7461000
|
heap
|
page read and write
|
||
|
176E000
|
stack
|
page read and write
|
||
|
229E7460000
|
heap
|
page read and write
|
||
|
70044000
|
unkown
|
page readonly
|
||
|
A1C000
|
stack
|
page read and write
|
||
|
11001000
|
unkown
|
page execute read
|
||
|
229E7526000
|
heap
|
page read and write
|
||
|
70030000
|
unkown
|
page readonly
|
||
|
136E000
|
heap
|
page read and write
|
||
|
AB2000
|
unkown
|
page readonly
|
||
|
166E000
|
stack
|
page read and write
|
||
|
6E5A6000
|
unkown
|
page write copy
|
||
|
3344000
|
heap
|
page read and write
|
||
|
16D0000
|
heap
|
page read and write
|
||
|
E41B32C000
|
stack
|
page read and write
|
||
|
229E541E000
|
heap
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
1125C000
|
unkown
|
page readonly
|
||
|
229E5481000
|
heap
|
page read and write
|
||
|
229E5481000
|
heap
|
page read and write
|
||
|
168C000
|
stack
|
page read and write
|
||
|
5EE1000
|
heap
|
page read and write
|
||
|
112AC000
|
unkown
|
page readonly
|
||
|
112AC000
|
unkown
|
page readonly
|
||
|
A90000
|
heap
|
page read and write
|
||
|
6E5A4000
|
unkown
|
page read and write
|
||
|
136A000
|
heap
|
page read and write
|
||
|
11001000
|
unkown
|
page execute read
|
||
|
229E92F7000
|
heap
|
page read and write
|
||
|
19F9F670000
|
heap
|
page read and write
|
||
|
1970000
|
heap
|
page read and write
|
||
|
AB0000
|
unkown
|
page readonly
|
||
|
11000000
|
unkown
|
page readonly
|
||
|
13BD000
|
stack
|
page read and write
|
||
|
1499000
|
heap
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
70044000
|
unkown
|
page readonly
|
||
|
AB2000
|
unkown
|
page readonly
|
||
|
11001000
|
unkown
|
page execute read
|
||
|
AB2000
|
unkown
|
page readonly
|
||
|
229E75A2000
|
heap
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
229E9549000
|
heap
|
page read and write
|
||
|
7FF70E781000
|
unkown
|
page execute read
|
||
|
74A92000
|
unkown
|
page readonly
|
||
|
6E5A9000
|
unkown
|
page readonly
|
||
|
148F000
|
stack
|
page read and write
|
||
|
5EF3000
|
heap
|
page read and write
|
||
|
134F000
|
heap
|
page read and write
|
||
|
6E5A6000
|
unkown
|
page write copy
|
||
|
229E540C000
|
heap
|
page read and write
|
||
|
1607000
|
heap
|
page read and write
|
||
|
AB0000
|
unkown
|
page readonly
|
||
|
136D000
|
heap
|
page read and write
|
||
|
229E7523000
|
heap
|
page read and write
|
||
|
136D000
|
heap
|
page read and write
|
||
|
1125C000
|
unkown
|
page readonly
|
||
|
229E53C6000
|
heap
|
page read and write
|
||
|
AB1000
|
unkown
|
page execute read
|
||
|
3220000
|
heap
|
page read and write
|
||
|
11193000
|
unkown
|
page readonly
|
||
|
229E53E7000
|
heap
|
page read and write
|
||
|
229E53A0000
|
heap
|
page read and write
|
||
|
1470000
|
heap
|
page read and write
|
||
|
AB1000
|
unkown
|
page execute read
|
||
|
229E7623000
|
heap
|
page read and write
|
||
|
AB0000
|
unkown
|
page readonly
|
||
|
74A92000
|
unkown
|
page readonly
|
||
|
3DAE000
|
stack
|
page read and write
|
||
|
1362000
|
heap
|
page read and write
|
||
|
111E1000
|
unkown
|
page read and write
|
||
|
229E53A7000
|
heap
|
page read and write
|
||
|
112DE000
|
unkown
|
page readonly
|
||
|
27491180000
|
heap
|
page read and write
|
||
|
229E5390000
|
heap
|
page read and write
|
||
|
AB1000
|
unkown
|
page execute read
|
||
|
229E5428000
|
heap
|
page read and write
|
||
|
112DE000
|
unkown
|
page readonly
|
||
|
134F000
|
heap
|
page read and write
|
||
|
229E959F000
|
heap
|
page read and write
|
||
|
70035000
|
unkown
|
page readonly
|
||
|
AB1000
|
unkown
|
page execute read
|
||
|
AB2000
|
unkown
|
page readonly
|
||
|
229E956F000
|
heap
|
page read and write
|
||
|
111F0000
|
unkown
|
page read and write
|
||
|
70036000
|
unkown
|
page read and write
|
||
|
12D1000
|
heap
|
page read and write
|
||
|
229E542A000
|
heap
|
page read and write
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
70035000
|
unkown
|
page readonly
|
||
|
229E53C2000
|
heap
|
page read and write
|
||
|
229E5340000
|
heap
|
page readonly
|
||
|
229E541E000
|
heap
|
page read and write
|
||
|
11001000
|
unkown
|
page execute read
|
||
|
229E7220000
|
heap
|
page read and write
|
||
|
11000000
|
unkown
|
page readonly
|
||
|
6E5A4000
|
unkown
|
page read and write
|
||
|
11000000
|
unkown
|
page readonly
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
AB2000
|
unkown
|
page readonly
|
||
|
1498000
|
heap
|
page read and write
|
||
|
1270000
|
heap
|
page read and write
|
||
|
1125C000
|
unkown
|
page readonly
|
||
|
F75000
|
heap
|
page read and write
|
||
|
70031000
|
unkown
|
page execute read
|
||
|
74A90000
|
unkown
|
page readonly
|
||
|
229E5446000
|
heap
|
page read and write
|
||
|
111F6000
|
unkown
|
page readonly
|
||
|
229E5407000
|
heap
|
page read and write
|
||
|
10FB000
|
stack
|
page read and write
|
||
|
AB2000
|
unkown
|
page readonly
|
||
|
1609000
|
heap
|
page read and write
|
||
|
127E000
|
heap
|
page read and write
|
||
|
1602000
|
heap
|
page read and write
|
||
|
31AE000
|
stack
|
page read and write
|
||
|
111F6000
|
unkown
|
page readonly
|
||
|
12AF000
|
heap
|
page read and write
|
||
|
229E74E2000
|
heap
|
page read and write
|
||
|
23F38230000
|
heap
|
page read and write
|
||
|
AB2000
|
unkown
|
page readonly
|
||
|
27491224000
|
heap
|
page read and write
|
||
|
1C9A9390000
|
heap
|
page read and write
|
||
|
AB2000
|
unkown
|
page readonly
|
||
|
229E7523000
|
heap
|
page read and write
|
||
|
6D209000
|
unkown
|
page write copy
|
||
|
111F0000
|
unkown
|
page read and write
|
||
|
7FF70E7EF000
|
unkown
|
page readonly
|
||
|
1129D000
|
unkown
|
page readonly
|
||
|
10C8000
|
heap
|
page read and write
|
||
|
6E5A6000
|
unkown
|
page write copy
|
||
|
229E76A8000
|
heap
|
page read and write
|
||
|
6D20A000
|
unkown
|
page read and write
|
||
|
1311000
|
heap
|
page read and write
|
||
|
30EE000
|
stack
|
page read and write
|
||
|
74A93000
|
unkown
|
page read and write
|
||
|
BCC000
|
stack
|
page read and write
|
||
|
111F6000
|
unkown
|
page readonly
|
||
|
EBC000
|
stack
|
page read and write
|
||
|
1132A000
|
unkown
|
page readonly
|
||
|
5EE0000
|
heap
|
page read and write
|
||
|
229E76A8000
|
heap
|
page read and write
|
||
|
396B000
|
stack
|
page read and write
|
||
|
229E95CB000
|
heap
|
page read and write
|
||
|
30CB000
|
stack
|
page read and write
|
||
|
130D000
|
heap
|
page read and write
|
||
|
FBC000
|
stack
|
page read and write
|
||
|
5C7E000
|
stack
|
page read and write
|
||
|
135D000
|
heap
|
page read and write
|
||
|
10A8000
|
heap
|
page read and write
|
||
|
74A94000
|
unkown
|
page readonly
|
||
|
F7A1FFD000
|
stack
|
page read and write
|
||
|
1319000
|
heap
|
page read and write
|
||
|
5AFE000
|
stack
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
70031000
|
unkown
|
page execute read
|
||
|
6D200000
|
unkown
|
page readonly
|
||
|
1400000
|
heap
|
page read and write
|
||
|
164D000
|
stack
|
page read and write
|
||
|
111E1000
|
unkown
|
page read and write
|
||
|
1365000
|
heap
|
page read and write
|
||
|
12D2000
|
heap
|
page read and write
|
||
|
AB0000
|
unkown
|
page readonly
|
||
|
AB0000
|
unkown
|
page readonly
|
||
|
112AC000
|
unkown
|
page readonly
|
||
|
229E5481000
|
heap
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
1129D000
|
unkown
|
page readonly
|
||
|
10007C000
|
stack
|
page read and write
|
||
|
229E9684000
|
heap
|
page read and write
|
||
|
133E000
|
heap
|
page read and write
|
||
|
2F75000
|
heap
|
page read and write
|
||
|
112B3000
|
unkown
|
page readonly
|
||
|
137E000
|
stack
|
page read and write
|
||
|
229E9599000
|
heap
|
page read and write
|
||
|
1362000
|
heap
|
page read and write
|
||
|
1361000
|
heap
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
||
|
1365000
|
heap
|
page read and write
|
||
|
74A91000
|
unkown
|
page execute read
|
||
|
55C2DFF000
|
stack
|
page read and write
|
||
|
111F6000
|
unkown
|
page readonly
|
||
|
12B7000
|
heap
|
page read and write
|
||
|
1332000
|
heap
|
page read and write
|
||
|
1336000
|
heap
|
page read and write
|
||
|
1132A000
|
unkown
|
page readonly
|
||
|
229E540E000
|
heap
|
page read and write
|
||
|
229E5444000
|
heap
|
page read and write
|
||
|
27491220000
|
heap
|
page read and write
|
||
|
1362000
|
heap
|
page read and write
|
||
|
1129D000
|
unkown
|
page readonly
|
||
|
229E75E3000
|
heap
|
page read and write
|
||
|
11193000
|
unkown
|
page readonly
|
||
|
13A0000
|
heap
|
page read and write
|
||
|
74A92000
|
unkown
|
page readonly
|
||
|
229E74E3000
|
heap
|
page read and write
|
||
|
3140000
|
heap
|
page read and write
|
||
|
12F6000
|
heap
|
page read and write
|
||
|
229E5406000
|
heap
|
page read and write
|
||
|
F7A1B40000
|
stack
|
page read and write
|
||
|
229E53EF000
|
heap
|
page read and write
|
||
|
70031000
|
unkown
|
page execute read
|
||
|
10FC000
|
stack
|
page read and write
|
||
|
70035000
|
unkown
|
page readonly
|
||
|
DC9000
|
stack
|
page read and write
|
||
|
2EBE000
|
stack
|
page read and write
|
||
|
70036000
|
unkown
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
229E53E0000
|
heap
|
page read and write
|
||
|
6E4F0000
|
unkown
|
page readonly
|
||
|
74A94000
|
unkown
|
page readonly
|
||
|
1220000
|
heap
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
553E000
|
stack
|
page read and write
|
||
|
229E8AF5000
|
heap
|
page read and write
|
||
|
31F0000
|
heap
|
page read and write
|
||
|
11287000
|
unkown
|
page readonly
|
||
|
23F38250000
|
heap
|
page read and write
|
||
|
5930000
|
unclassified section
|
page read and write
|
||
|
111E1000
|
unkown
|
page read and write
|
||
|
229E5428000
|
heap
|
page read and write
|
||
|
6E4F1000
|
unkown
|
page execute read
|
||
|
1445000
|
heap
|
page read and write
|
||
|
1125C000
|
unkown
|
page readonly
|
||
|
229E7350000
|
trusted library allocation
|
page read and write
|
||
|
1820000
|
heap
|
page read and write
|
||
|
12BB000
|
heap
|
page read and write
|
||
|
10CA000
|
heap
|
page read and write
|
||
|
74A93000
|
unkown
|
page read and write
|
||
|
1116000
|
heap
|
page read and write
|
||
|
229E5481000
|
heap
|
page read and write
|
||
|
11193000
|
unkown
|
page readonly
|
||
|
1000FF000
|
stack
|
page read and write
|
||
|
AB0000
|
unkown
|
page readonly
|
||
|
7FF70E780000
|
unkown
|
page readonly
|
||
|
229E8AF4000
|
heap
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
5DBE000
|
stack
|
page read and write
|
||
|
F7A21FD000
|
stack
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
1C9A9450000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
7FF70E781000
|
unkown
|
page execute read
|
||
|
581E000
|
stack
|
page read and write
|
||
|
2E90000
|
heap
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
F4D000
|
stack
|
page read and write
|
||
|
70035000
|
unkown
|
page readonly
|
||
|
3334000
|
heap
|
page read and write
|
||
|
312E000
|
stack
|
page read and write
|
||
|
229E5440000
|
heap
|
page read and write
|
||
|
229E71C1000
|
trusted library allocation
|
page read and write
|
||
|
7FF70E7EE000
|
unkown
|
page readonly
|
||
|
229E9617000
|
heap
|
page read and write
|
||
|
6E5A6000
|
unkown
|
page write copy
|
||
|
19F9F690000
|
heap
|
page read and write
|
||
|
74A93000
|
unkown
|
page read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
141E000
|
stack
|
page read and write
|
||
|
11287000
|
unkown
|
page readonly
|
||
|
3170000
|
heap
|
page read and write
|
||
|
132D000
|
heap
|
page read and write
|
||
|
112B3000
|
unkown
|
page readonly
|
||
|
23F385E4000
|
heap
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
F7A24FB000
|
stack
|
page read and write
|
||
|
5EE1000
|
heap
|
page read and write
|
||
|
59FE000
|
stack
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
409D000
|
stack
|
page read and write
|
||
|
19F9F6D8000
|
heap
|
page read and write
|
||
|
70035000
|
unkown
|
page readonly
|
||
|
1C9A9458000
|
heap
|
page read and write
|
||
|
11193000
|
unkown
|
page readonly
|
||
|
112DE000
|
unkown
|
page readonly
|
||
|
229E7350000
|
heap
|
page read and write
|
||
|
6E4F1000
|
unkown
|
page execute read
|
||
|
334E000
|
heap
|
page read and write
|
||
|
74A91000
|
unkown
|
page execute read
|
||
|
1110000
|
heap
|
page read and write
|
||
|
6E4F0000
|
unkown
|
page readonly
|
||
|
6E5A9000
|
unkown
|
page readonly
|
||
|
112B3000
|
unkown
|
page readonly
|
||
|
229E53E5000
|
heap
|
page read and write
|
||
|
1498000
|
heap
|
page read and write
|
||
|
19F9F660000
|
heap
|
page read and write
|
||
|
229E7523000
|
heap
|
page read and write
|
||
|
AB1000
|
unkown
|
page execute read
|
||
|
F7A1EFE000
|
stack
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
6E5A9000
|
unkown
|
page readonly
|
||
|
112DE000
|
unkown
|
page readonly
|
||
|
3178000
|
heap
|
page read and write
|
||
|
229E53E1000
|
heap
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
6E4F1000
|
unkown
|
page execute read
|
||
|
308F000
|
stack
|
page read and write
|
||
|
11193000
|
unkown
|
page readonly
|
||
|
74A93000
|
unkown
|
page read and write
|
||
|
12DB000
|
stack
|
page read and write
|
||
|
229E7523000
|
heap
|
page read and write
|
||
|
1357000
|
heap
|
page read and write
|
||
|
AB2000
|
unkown
|
page readonly
|
||
|
229E5700000
|
heap
|
page read and write
|
||
|
229E92F5000
|
heap
|
page read and write
|
||
|
229E543F000
|
heap
|
page read and write
|
||
|
27490F80000
|
heap
|
page read and write
|
||
|
229E7624000
|
heap
|
page read and write
|
||
|
15F0000
|
heap
|
page read and write
|
||
|
2C8E000
|
stack
|
page read and write
|
||
|
229E53EF000
|
heap
|
page read and write
|
||
|
1607000
|
heap
|
page read and write
|
||
|
229E5426000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
1129D000
|
unkown
|
page readonly
|
||
|
F7A22FE000
|
stack
|
page read and write
|
||
|
229E7560000
|
heap
|
page read and write
|
||
|
3A6A000
|
stack
|
page read and write
|
||
|
74A92000
|
unkown
|
page readonly
|
||
|
70044000
|
unkown
|
page readonly
|
||
|
229E53E7000
|
heap
|
page read and write
|
||
|
229E572E000
|
heap
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
229E53F6000
|
heap
|
page read and write
|
||
|
11000000
|
unkown
|
page readonly
|
||
|
1270000
|
heap
|
page read and write
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
74A91000
|
unkown
|
page execute read
|
||
|
157E000
|
stack
|
page read and write
|
||
|
6E5A4000
|
unkown
|
page read and write
|
||
|
74A93000
|
unkown
|
page read and write
|
||
|
1C9A9380000
|
heap
|
page read and write
|
||
|
5EBF000
|
stack
|
page read and write
|
||
|
5F06000
|
heap
|
page read and write
|
||
|
AB2000
|
unkown
|
page readonly
|
||
|
229E71DA000
|
trusted library allocation
|
page read and write
|
||
|
7FF70E7EA000
|
unkown
|
page readonly
|
||
|
10C3000
|
heap
|
page read and write
|
||
|
1332000
|
heap
|
page read and write
|
||
|
3175000
|
heap
|
page read and write
|
||
|
1132A000
|
unkown
|
page readonly
|
||
|
1225000
|
heap
|
page read and write
|
||
|
148D000
|
heap
|
page read and write
|
||
|
1890000
|
heap
|
page read and write
|
||
|
135D000
|
heap
|
page read and write
|
||
|
229E8AF0000
|
trusted library allocation
|
page read and write
|
||
|
31EB000
|
stack
|
page read and write
|
||
|
229E75E2000
|
heap
|
page read and write
|
||
|
7FF70E780000
|
unkown
|
page readonly
|
||
|
134F000
|
heap
|
page read and write
|
||
|
70036000
|
unkown
|
page read and write
|
||
|
1714000
|
heap
|
page read and write
|
||
|
15E8000
|
heap
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
F7A1B45000
|
stack
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
1129D000
|
unkown
|
page readonly
|
||
|
6D1C1000
|
unkown
|
page execute read
|
||
|
1132A000
|
unkown
|
page readonly
|
||
|
6E4F0000
|
unkown
|
page readonly
|
||
|
130D000
|
heap
|
page read and write
|
||
|
84E6E7D000
|
stack
|
page read and write
|
||
|
229E5481000
|
heap
|
page read and write
|
||
|
229E75A1000
|
heap
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
313E000
|
stack
|
page read and write
|
||
|
229E76A8000
|
heap
|
page read and write
|
||
|
3224000
|
heap
|
page read and write
|
||
|
84E6F7F000
|
stack
|
page read and write
|
||
|
229E53FE000
|
heap
|
page read and write
|
||
|
5EF3000
|
heap
|
page read and write
|
||
|
84E6EFF000
|
stack
|
page read and write
|
||
|
11287000
|
unkown
|
page readonly
|
||
|
229E543F000
|
heap
|
page read and write
|
||
|
229E540E000
|
heap
|
page read and write
|
||
|
74A91000
|
unkown
|
page execute read
|
There are 560 hidden memdumps, click here to show them.