Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
current[1].exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\MyProg.exe
|
MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Program Files\7-Zip\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_current[1].exe_9b5737f5faee579b493102f3d6aa2427c2a8d_78bff3be_07a493f7-7c08-4e63-830e-5d8ecd9668e0\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\jJEAWO.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_jJEAWO.exe_2bd22f57251f20d34b755a755d907fabae7c39b_c18945cf_77b172d6-41a2-4dd7-bb1f-84845737eb17\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2CEF.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Jul 24 22:26:20 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2D7C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2DAC.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB9B3.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Jul 24 22:25:51 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBB0C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBB2C.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\k1[1].rar
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\089268A2.exe
|
ASCII text
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\current[1].exe
|
"C:\Users\user\Desktop\current[1].exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\jJEAWO.exe
|
C:\Users\user\AppData\Local\Temp\jJEAWO.exe
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 1624
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 1504
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://ddos.dnsnb8.net:799/cj//k2.rarDownloadManagerA
|
unknown
|
|
|
|
sofahuntingslidedine.shop
|
|
||
|
triangleseasonbenchwj.shop
|
|
||
|
https://sofahuntingslidedine.shop/api
|
188.114.96.3
|
|
|
|
modestessayevenmilwek.shop
|
|
||
|
http://ddos.dnsnb8.net:799/cj//k2.rarh?
|
unknown
|
|
|
|
https://sofahuntingslidedine.shop/
|
unknown
|
|
|
|
https://sofahuntingslidedine.shop/u
|
unknown
|
|
|
|
secretionsuitcasenioise.shop
|
|
||
|
gemcreedarticulateod.shop
|
|
||
|
http://ddos.dnsnb8.net:799/cj//k2.rar
|
44.221.84.105
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k2.rarp
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k2.rark
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k2.rarl
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k2.rarm
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k1.rarE0
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k1.rarT
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k1.rar
|
44.221.84.105
|
|
|
|
liabilityarrangemenyit.shop
|
|
||
|
https://sofahuntingslidedine.shop/apik
|
unknown
|
|
|
|
culturesketchfinanciall.shop
|
|
||
|
http://ddos.dnsnb8.net:799/cj//k1.rarcC:
|
unknown
|
|
|
|
claimconcessionrebe.shop
|
|
||
|
http://ddos.dnsnb8.net:799/cj//k2.rarN
|
unknown
|
|
|
|
http://www.scintilla.org/scite.rng
|
unknown
|
||
|
http://www.rftp.comJosiah
|
unknown
|
||
|
http://www.activestate.com
|
unknown
|
||
|
http://www.activestate.comHolger
|
unknown
|
||
|
http://%s:%d/%s/%sZwQuerySystemInformationntdll.dllNtSystemDebugControlSeDebugPrivilege%s%.8x.bat:DE
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://www.rftp.com
|
unknown
|
||
|
http://www.baanboard.comBrendon
|
unknown
|
||
|
https://www.smartsharesystems.com/
|
unknown
|
||
|
http://www.scintilla.org
|
unknown
|
||
|
http://www.spaceblue.comMathias
|
unknown
|
||
|
https://www.cloudflare.com/5xx-error-landing
|
unknown
|
||
|
https://www.smartsharesystems.com/Morten
|
unknown
|
||
|
http://www.develop.com
|
unknown
|
||
|
http://www.lua.org
|
unknown
|
||
|
http://www.spaceblue.com
|
unknown
|
||
|
http://www.baanboard.com
|
unknown
|
||
|
https://www.cloudflare.com/learning/ddos/glossary/malware/
|
unknown
|
||
|
http://www.develop.comDeepak
|
unknown
|
There are 33 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
sofahuntingslidedine.shop
|
188.114.96.3
|
|
|
|
ddos.dnsnb8.net
|
44.221.84.105
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.96.3
|
sofahuntingslidedine.shop
|
European Union
|
|
|
|
44.221.84.105
|
ddos.dnsnb8.net
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
ProgramId
|
|
|
|
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
FileId
|
|
|
|
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
LowerCaseLongPath
|
|
|
|
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
LongPathHash
|
|
|
|
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
Name
|
|
|
|
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
OriginalFileName
|
|
|
|
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
Publisher
|
|
|
|
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
Version
|
|
|
|
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
BinFileVersion
|
|
|
|
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
BinaryType
|
|
|
|
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
ProductName
|
|
|
|
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
ProductVersion
|
|
|
|
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
LinkDate
|
|
|
|
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
BinProductVersion
|
|
|
|
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
AppxPackageFullName
|
|
|
|
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
AppxPackageRelativeId
|
|
|
|
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
Size
|
|
|
|
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
Language
|
|
|
|
\REGISTRY\A\{cc28f33c-ed58-54b5-2b73-b95d76ba5c8e}\Root\InventoryApplicationFile\current[1].exe|98a8c4c98c9b316a
|
Usn
|
|
|
|
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
ProgramId
|
||
|
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
FileId
|
||
|
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
LongPathHash
|
||
|
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
Name
|
||
|
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
OriginalFileName
|
||
|
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
Publisher
|
||
|
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
Version
|
||
|
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
BinFileVersion
|
||
|
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
BinaryType
|
||
|
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
ProductName
|
||
|
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
ProductVersion
|
||
|
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
LinkDate
|
||
|
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
BinProductVersion
|
||
|
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
Size
|
||
|
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
Language
|
||
|
\REGISTRY\A\{e1a9a3a2-8546-612a-fb94-6404bd4fcb9e}\Root\InventoryApplicationFile\jjeawo.exe|37e9c6d593d9e7ac
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C00EC0950A0E
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
There are 33 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
740000
|
direct allocation
|
page execute and read and write
|
|
|
|
2FB7000
|
stack
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
E80000
|
direct allocation
|
page read and write
|
||
|
2DDE000
|
stack
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
8B1000
|
heap
|
page read and write
|
||
|
10CB000
|
heap
|
page read and write
|
||
|
382C000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
21B0000
|
remote allocation
|
page read and write
|
||
|
E80000
|
direct allocation
|
page read and write
|
||
|
E94000
|
unkown
|
page read and write
|
||
|
E91000
|
unkown
|
page execute and write copy
|
||
|
10FE000
|
heap
|
page read and write
|
||
|
33FF000
|
stack
|
page read and write
|
||
|
3A6E000
|
stack
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
E96000
|
unkown
|
page execute and read and write
|
||
|
10EB000
|
heap
|
page read and write
|
||
|
8DD000
|
heap
|
page read and write
|
||
|
2BAD000
|
trusted library allocation
|
page read and write
|
||
|
E60000
|
direct allocation
|
page read and write
|
||
|
896000
|
heap
|
page read and write
|
||
|
8B1000
|
heap
|
page read and write
|
||
|
10B4000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
8BE000
|
heap
|
page read and write
|
||
|
10F3000
|
heap
|
page read and write
|
||
|
2B9F000
|
stack
|
page read and write
|
||
|
8BC000
|
heap
|
page read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
497000
|
unkown
|
page execute and write copy
|
||
|
1517000
|
heap
|
page read and write
|
||
|
10EB000
|
heap
|
page read and write
|
||
|
10D5000
|
heap
|
page read and write
|
||
|
10D5000
|
heap
|
page read and write
|
||
|
E80000
|
direct allocation
|
page read and write
|
||
|
E80000
|
direct allocation
|
page read and write
|
||
|
150E000
|
stack
|
page read and write
|
||
|
466000
|
unkown
|
page readonly
|
||
|
151A000
|
heap
|
page read and write
|
||
|
5BE000
|
stack
|
page read and write
|
||
|
8CD000
|
heap
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
E93000
|
unkown
|
page readonly
|
||
|
241D000
|
stack
|
page read and write
|
||
|
89A000
|
heap
|
page read and write
|
||
|
105A000
|
heap
|
page read and write
|
||
|
37CF000
|
stack
|
page read and write
|
||
|
8BB000
|
heap
|
page read and write
|
||
|
109F000
|
heap
|
page read and write
|
||
|
222D000
|
stack
|
page read and write
|
||
|
8B3000
|
heap
|
page read and write
|
||
|
21B0000
|
direct allocation
|
page read and write
|
||
|
396D000
|
stack
|
page read and write
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
2EBF000
|
stack
|
page read and write
|
||
|
483000
|
unkown
|
page execute and read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
2BA0000
|
trusted library allocation
|
page read and write
|
||
|
21B0000
|
remote allocation
|
page read and write
|
||
|
2A9E000
|
stack
|
page read and write
|
||
|
896000
|
heap
|
page read and write
|
||
|
81E000
|
heap
|
page read and write
|
||
|
5370000
|
heap
|
page read and write
|
||
|
2BAB000
|
trusted library allocation
|
page read and write
|
||
|
2310000
|
heap
|
page read and write
|
||
|
8B1000
|
heap
|
page read and write
|
||
|
8CD000
|
heap
|
page read and write
|
||
|
894000
|
heap
|
page read and write
|
||
|
896000
|
heap
|
page read and write
|
||
|
2DBA000
|
stack
|
page read and write
|
||
|
F9C000
|
stack
|
page read and write
|
||
|
141F000
|
stack
|
page read and write
|
||
|
353F000
|
stack
|
page read and write
|
||
|
131E000
|
stack
|
page read and write
|
||
|
81A000
|
heap
|
page read and write
|
||
|
271F000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
2BA5000
|
trusted library allocation
|
page read and write
|
||
|
149D000
|
stack
|
page read and write
|
||
|
10FA000
|
heap
|
page read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
5450000
|
trusted library allocation
|
page read and write
|
||
|
E60000
|
direct allocation
|
page read and write
|
||
|
B9C000
|
stack
|
page read and write
|
||
|
10D5000
|
heap
|
page read and write
|
||
|
357E000
|
stack
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
E91000
|
unkown
|
page execute read
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
498000
|
unkown
|
page execute and write copy
|
||
|
E96000
|
unkown
|
page execute and write copy
|
||
|
82E000
|
heap
|
page execute and read and write
|
||
|
1098000
|
heap
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
E4E000
|
stack
|
page read and write
|
||
|
36CE000
|
stack
|
page read and write
|
||
|
10B4000
|
heap
|
page read and write
|
||
|
2CDE000
|
stack
|
page read and write
|
||
|
8DE000
|
heap
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1034000
|
heap
|
page read and write
|
||
|
470000
|
unkown
|
page write copy
|
||
|
8CD000
|
heap
|
page read and write
|
||
|
10FE000
|
heap
|
page read and write
|
||
|
E75000
|
heap
|
page read and write
|
||
|
109F000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
8DE000
|
heap
|
page read and write
|
||
|
8A3000
|
heap
|
page read and write
|
||
|
21B0000
|
remote allocation
|
page read and write
|
||
|
88E000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
FDE000
|
stack
|
page read and write
|
||
|
89A000
|
heap
|
page read and write
|
||
|
392C000
|
stack
|
page read and write
|
||
|
226E000
|
stack
|
page read and write
|
||
|
73F000
|
stack
|
page read and write
|
||
|
343E000
|
stack
|
page read and write
|
||
|
251D000
|
stack
|
page read and write
|
||
|
E93000
|
unkown
|
page write copy
|
||
|
E70000
|
heap
|
page read and write
|
||
|
5360000
|
heap
|
page read and write
|
||
|
E90000
|
unkown
|
page readonly
|
||
|
367F000
|
stack
|
page read and write
|
||
|
1103000
|
heap
|
page read and write
|
||
|
105E000
|
heap
|
page read and write
|
||
|
10B4000
|
heap
|
page read and write
|
||
|
10EB000
|
heap
|
page read and write
|
||
|
8CD000
|
heap
|
page read and write
|
||
|
261F000
|
stack
|
page read and write
|
||
|
46C000
|
unkown
|
page write copy
|
||
|
145E000
|
stack
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
10FF000
|
heap
|
page read and write
|
||
|
8BE000
|
heap
|
page read and write
|
||
|
47F000
|
unkown
|
page readonly
|
||
|
107B000
|
heap
|
page read and write
|
||
|
635000
|
heap
|
page read and write
|
||
|
10FE000
|
heap
|
page read and write
|
||
|
22AE000
|
stack
|
page read and write
|
||
|
109F000
|
heap
|
page read and write
|
||
|
21E0000
|
heap
|
page read and write
|
||
|
1019000
|
stack
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
8DE000
|
heap
|
page read and write
|
||
|
8FB000
|
heap
|
page read and write
|
||
|
E90000
|
unkown
|
page readonly
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
412000
|
unkown
|
page execute read
|
||
|
89A000
|
heap
|
page read and write
|
||
|
8BE000
|
heap
|
page read and write
|
||
|
8BE000
|
heap
|
page read and write
|
||
|
22EE000
|
stack
|
page read and write
|
There are 147 hidden memdumps, click here to show them.