Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Lisect_AVT_24003_G1A_72.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\MyProg.exe
|
MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Program Files\7-Zip\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\jawuwAtX.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_jawuwAtX.exe_92f7bd4c2a248b9282872241334e9a346491113_751f8ef7_703e38e9-db4d-48e3-b293-e2d61713eacb\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER96C8.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Jul 25 02:58:17 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER97F2.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9822.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\k1[1].rar
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\341D4B96.exe
|
ASCII text
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Lisect_AVT_24003_G1A_72.exe
|
"C:\Users\user\Desktop\Lisect_AVT_24003_G1A_72.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\jawuwAtX.exe
|
C:\Users\user\AppData\Local\Temp\jawuwAtX.exe
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 1548
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
healthproline.pro
|
|
||
|
http://ddos.dnsnb8.net:799/cj//k1.rars
|
unknown
|
|
|
|
smallrabbitcrossing.site
|
|
||
|
http://ddos.dnsnb8.net:799/cj//k2.rar
|
44.221.84.105
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k2.rarNp3
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k1.rar
|
44.221.84.105
|
|
|
|
punchtelephoneverdi.stor
|
|
||
|
https://smallrabbitcrossing.site/api
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k1.rar=
|
unknown
|
|
|
|
telephoneverdictyow.site
|
|
||
|
http://ddos.dnsnb8.net:799/cj//k2.rarh
|
unknown
|
|
|
|
strainriskpropos.stor
|
|
||
|
http://ddos.dnsnb8.net:799/cj//k1.rarZ
|
unknown
|
|
|
|
theoryapparatusjuko.fun
|
|
||
|
http://ddos.dnsnb8.net/
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k2.rarF;
|
unknown
|
|
|
|
https://smallrabbitcrossing.site/
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k2.rarDownloadManager1
|
unknown
|
|
|
|
snuggleapplicationswo.fun
|
|
||
|
https://strainriskpropos.store/api
|
unknown
|
||
|
http://www.scintilla.org/scite.rng
|
unknown
|
||
|
http://www.activestate.comHolger
|
unknown
|
||
|
https://strainriskpropos.store:443/api
|
unknown
|
||
|
https://telephoneverdictyow.site/apiGaX
|
unknown
|
||
|
http://www.baanboard.comBrendon
|
unknown
|
||
|
https://strainriskpropos.store/D%D
|
unknown
|
||
|
https://www.smartsharesystems.com/
|
unknown
|
||
|
http://www.scintilla.org
|
unknown
|
||
|
https://punchtelephoneverdi.store:443/api
|
unknown
|
||
|
http://www.develop.com
|
unknown
|
||
|
http://www.spaceblue.com
|
unknown
|
||
|
http://www.baanboard.com
|
unknown
|
||
|
http://www.develop.comDeepak
|
unknown
|
||
|
https://snuggleapplicationswo.fun/
|
unknown
|
||
|
https://telephoneverdictyow.site/l
|
unknown
|
||
|
https://telephoneverdictyow.site/
|
unknown
|
||
|
https://telephoneverdictyow.site/api
|
unknown
|
||
|
http://www.rftp.comJosiah
|
unknown
|
||
|
http://www.activestate.com
|
unknown
|
||
|
http://%s:%d/%s/%sZwQuerySystemInformationntdll.dllNtSystemDebugControlSeDebugPrivilege%s%.8x.bat:DE
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://www.rftp.com
|
unknown
|
||
|
http://www.spaceblue.comMathias
|
unknown
|
||
|
https://punchtelephoneverdi.store/
|
unknown
|
||
|
https://strainriskpropos.store/
|
unknown
|
||
|
https://www.smartsharesystems.com/Morten
|
unknown
|
||
|
https://punchtelephoneverdi.store/apihL
|
unknown
|
||
|
https://strainriskpropos.store/M%s
|
unknown
|
||
|
https://strainriskpropos.store/api;
|
unknown
|
||
|
http://www.lua.org
|
unknown
|
||
|
https://telephoneverdictyow.site:443/api
|
unknown
|
There are 41 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
healthproline.pro
|
unknown
|
|
|
|
smallrabbitcrossing.site
|
unknown
|
|
|
|
strainriskpropos.store
|
unknown
|
|
|
|
snuggleapplicationswo.fun
|
unknown
|
|
|
|
punchtelephoneverdi.store
|
unknown
|
|
|
|
telephoneverdictyow.site
|
unknown
|
|
|
|
theoryapparatusjuko.fun
|
unknown
|
|
|
|
ddos.dnsnb8.net
|
44.221.84.105
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
44.221.84.105
|
ddos.dnsnb8.net
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{5784aa53-09fd-4552-f3a9-672e0dfce1bc}\Root\InventoryApplicationFile\jawuwatx.exe|f6b8478e0e021cd0
|
ProgramId
|
||
|
\REGISTRY\A\{5784aa53-09fd-4552-f3a9-672e0dfce1bc}\Root\InventoryApplicationFile\jawuwatx.exe|f6b8478e0e021cd0
|
FileId
|
||
|
\REGISTRY\A\{5784aa53-09fd-4552-f3a9-672e0dfce1bc}\Root\InventoryApplicationFile\jawuwatx.exe|f6b8478e0e021cd0
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{5784aa53-09fd-4552-f3a9-672e0dfce1bc}\Root\InventoryApplicationFile\jawuwatx.exe|f6b8478e0e021cd0
|
LongPathHash
|
||
|
\REGISTRY\A\{5784aa53-09fd-4552-f3a9-672e0dfce1bc}\Root\InventoryApplicationFile\jawuwatx.exe|f6b8478e0e021cd0
|
Name
|
||
|
\REGISTRY\A\{5784aa53-09fd-4552-f3a9-672e0dfce1bc}\Root\InventoryApplicationFile\jawuwatx.exe|f6b8478e0e021cd0
|
OriginalFileName
|
||
|
\REGISTRY\A\{5784aa53-09fd-4552-f3a9-672e0dfce1bc}\Root\InventoryApplicationFile\jawuwatx.exe|f6b8478e0e021cd0
|
Publisher
|
||
|
\REGISTRY\A\{5784aa53-09fd-4552-f3a9-672e0dfce1bc}\Root\InventoryApplicationFile\jawuwatx.exe|f6b8478e0e021cd0
|
Version
|
||
|
\REGISTRY\A\{5784aa53-09fd-4552-f3a9-672e0dfce1bc}\Root\InventoryApplicationFile\jawuwatx.exe|f6b8478e0e021cd0
|
BinFileVersion
|
||
|
\REGISTRY\A\{5784aa53-09fd-4552-f3a9-672e0dfce1bc}\Root\InventoryApplicationFile\jawuwatx.exe|f6b8478e0e021cd0
|
BinaryType
|
||
|
\REGISTRY\A\{5784aa53-09fd-4552-f3a9-672e0dfce1bc}\Root\InventoryApplicationFile\jawuwatx.exe|f6b8478e0e021cd0
|
ProductName
|
||
|
\REGISTRY\A\{5784aa53-09fd-4552-f3a9-672e0dfce1bc}\Root\InventoryApplicationFile\jawuwatx.exe|f6b8478e0e021cd0
|
ProductVersion
|
||
|
\REGISTRY\A\{5784aa53-09fd-4552-f3a9-672e0dfce1bc}\Root\InventoryApplicationFile\jawuwatx.exe|f6b8478e0e021cd0
|
LinkDate
|
||
|
\REGISTRY\A\{5784aa53-09fd-4552-f3a9-672e0dfce1bc}\Root\InventoryApplicationFile\jawuwatx.exe|f6b8478e0e021cd0
|
BinProductVersion
|
||
|
\REGISTRY\A\{5784aa53-09fd-4552-f3a9-672e0dfce1bc}\Root\InventoryApplicationFile\jawuwatx.exe|f6b8478e0e021cd0
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{5784aa53-09fd-4552-f3a9-672e0dfce1bc}\Root\InventoryApplicationFile\jawuwatx.exe|f6b8478e0e021cd0
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{5784aa53-09fd-4552-f3a9-672e0dfce1bc}\Root\InventoryApplicationFile\jawuwatx.exe|f6b8478e0e021cd0
|
Size
|
||
|
\REGISTRY\A\{5784aa53-09fd-4552-f3a9-672e0dfce1bc}\Root\InventoryApplicationFile\jawuwatx.exe|f6b8478e0e021cd0
|
Language
|
||
|
\REGISTRY\A\{5784aa53-09fd-4552-f3a9-672e0dfce1bc}\Root\InventoryApplicationFile\jawuwatx.exe|f6b8478e0e021cd0
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
There are 13 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1360000
|
direct allocation
|
page read and write
|
|
|
|
816000
|
unkown
|
page execute and read and write
|
||
|
13D8000
|
heap
|
page read and write
|
||
|
14C000
|
unkown
|
page readonly
|
||
|
33DD000
|
stack
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
379E000
|
stack
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
13D9000
|
heap
|
page read and write
|
||
|
13B8000
|
heap
|
page read and write
|
||
|
133E000
|
stack
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
104D000
|
heap
|
page read and write
|
||
|
1360000
|
direct allocation
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
107C000
|
stack
|
page read and write
|
||
|
DF5000
|
heap
|
page read and write
|
||
|
F50000
|
direct allocation
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
2E21000
|
heap
|
page read and write
|
||
|
1360000
|
direct allocation
|
page read and write
|
||
|
157E000
|
stack
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
2E21000
|
heap
|
page read and write
|
||
|
6ED000
|
unkown
|
page execute and read and write
|
||
|
41D000
|
unkown
|
page write copy
|
||
|
1224000
|
heap
|
page read and write
|
||
|
5330000
|
trusted library allocation
|
page read and write
|
||
|
41D000
|
unkown
|
page read and write
|
||
|
347E000
|
stack
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
F50000
|
direct allocation
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
16D000
|
unkown
|
page readonly
|
||
|
7D4000
|
unkown
|
page execute and read and write
|
||
|
13F5000
|
heap
|
page read and write
|
||
|
A60000
|
unkown
|
page execute read
|
||
|
3497000
|
direct allocation
|
page read and write
|
||
|
38B0000
|
remote allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
41E000
|
unkown
|
page readonly
|
||
|
88F000
|
unkown
|
page execute and read and write
|
||
|
333E000
|
stack
|
page read and write
|
||
|
324000
|
unkown
|
page read and write
|
||
|
7AA000
|
unkown
|
page execute and read and write
|
||
|
2CC8000
|
stack
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
4BE000
|
unkown
|
page execute and read and write
|
||
|
DE4000
|
unkown
|
page execute and read and write
|
||
|
80A000
|
unkown
|
page execute and read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
13D5000
|
heap
|
page read and write
|
||
|
CFC000
|
stack
|
page read and write
|
||
|
13E1000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
41E000
|
unkown
|
page readonly
|
||
|
15B000
|
unkown
|
page readonly
|
||
|
F40000
|
direct allocation
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
E0000
|
unkown
|
page readonly
|
||
|
431000
|
unkown
|
page readonly
|
||
|
38B0000
|
remote allocation
|
page read and write
|
||
|
2E21000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
33A0000
|
direct allocation
|
page read and write
|
||
|
1057000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
13F5000
|
heap
|
page read and write
|
||
|
578000
|
unkown
|
page execute and read and write
|
||
|
1022000
|
heap
|
page read and write
|
||
|
81C000
|
unkown
|
page execute and read and write
|
||
|
570000
|
unkown
|
page execute and read and write
|
||
|
3482000
|
direct allocation
|
page read and write
|
||
|
14C000
|
unkown
|
page readonly
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
E1000
|
unkown
|
page execute read
|
||
|
2E21000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
A60000
|
unkown
|
page execute read
|
||
|
13BC000
|
heap
|
page read and write
|
||
|
1360000
|
direct allocation
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1360000
|
direct allocation
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1360000
|
direct allocation
|
page read and write
|
||
|
DEB000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
323000
|
unkown
|
page readonly
|
||
|
1063000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
6E9000
|
unkown
|
page execute and read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
13C9000
|
heap
|
page read and write
|
||
|
4FA000
|
unkown
|
page execute and read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
7D2000
|
unkown
|
page execute and read and write
|
||
|
3A1E000
|
stack
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
320000
|
unkown
|
page readonly
|
||
|
2E22000
|
heap
|
page read and write
|
||
|
F50000
|
direct allocation
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
1041000
|
heap
|
page read and write
|
||
|
343F000
|
stack
|
page read and write
|
||
|
13FB000
|
heap
|
page read and write
|
||
|
2B8F000
|
stack
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
2E21000
|
heap
|
page read and write
|
||
|
1360000
|
direct allocation
|
page read and write
|
||
|
385D000
|
stack
|
page read and write
|
||
|
2E21000
|
heap
|
page read and write
|
||
|
E0000
|
unkown
|
page readonly
|
||
|
574000
|
unkown
|
page execute and read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
1058000
|
heap
|
page read and write
|
||
|
38C0000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
42F000
|
unkown
|
page readonly
|
||
|
357F000
|
stack
|
page read and write
|
||
|
6E5000
|
unkown
|
page execute and read and write
|
||
|
167F000
|
stack
|
page read and write
|
||
|
13C9000
|
heap
|
page read and write
|
||
|
138E000
|
heap
|
page read and write
|
||
|
389F000
|
stack
|
page read and write
|
||
|
1360000
|
direct allocation
|
page read and write
|
||
|
13E1000
|
heap
|
page read and write
|
||
|
35CB000
|
stack
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
33A1000
|
trusted library allocation
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
94C000
|
stack
|
page read and write
|
||
|
13AB000
|
heap
|
page read and write
|
||
|
381F000
|
stack
|
page read and write
|
||
|
6E7000
|
unkown
|
page execute and read and write
|
||
|
1360000
|
direct allocation
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
705000
|
unkown
|
page execute and read and write
|
||
|
80C000
|
unkown
|
page execute and read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
15B000
|
unkown
|
page readonly
|
||
|
1224000
|
heap
|
page read and write
|
||
|
34DE000
|
stack
|
page read and write
|
||
|
80E000
|
unkown
|
page execute and read and write
|
||
|
724000
|
unkown
|
page execute and read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
1360000
|
direct allocation
|
page read and write
|
||
|
31FE000
|
stack
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
33A0000
|
direct allocation
|
page read and write
|
||
|
32FF000
|
stack
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
138A000
|
heap
|
page read and write
|
||
|
371E000
|
stack
|
page read and write
|
||
|
13B8000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
DE7000
|
heap
|
page read and write
|
||
|
2E21000
|
heap
|
page read and write
|
||
|
2E21000
|
heap
|
page read and write
|
||
|
7DF000
|
unkown
|
page execute and read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
13BC000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
375F000
|
stack
|
page read and write
|
||
|
361D000
|
stack
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1360000
|
direct allocation
|
page read and write
|
||
|
818000
|
unkown
|
page execute and read and write
|
||
|
1225000
|
heap
|
page read and write
|
||
|
51A000
|
unkown
|
page execute and read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
2E21000
|
heap
|
page read and write
|
||
|
83D000
|
unkown
|
page execute and read and write
|
||
|
810000
|
unkown
|
page execute and read and write
|
||
|
139000
|
unkown
|
page readonly
|
||
|
7B4000
|
unkown
|
page execute and read and write
|
||
|
820000
|
unkown
|
page execute and read and write
|
||
|
13BC000
|
heap
|
page read and write
|
||
|
14C000
|
unkown
|
page readonly
|
||
|
1224000
|
heap
|
page read and write
|
||
|
FBE000
|
heap
|
page read and write
|
||
|
DE4000
|
unkown
|
page execute and write copy
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
13F9000
|
heap
|
page read and write
|
||
|
56E000
|
unkown
|
page execute and read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
121E000
|
stack
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
4CD000
|
unkown
|
page execute and read and write
|
||
|
31BF000
|
stack
|
page read and write
|
||
|
2E21000
|
heap
|
page read and write
|
||
|
1360000
|
direct allocation
|
page read and write
|
||
|
11AE000
|
stack
|
page read and write
|
||
|
33B2000
|
direct allocation
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
323000
|
unkown
|
page write copy
|
||
|
431000
|
unkown
|
page readonly
|
||
|
13B000
|
unkown
|
page read and write
|
||
|
551000
|
unkown
|
page execute and read and write
|
||
|
1026000
|
heap
|
page read and write
|
||
|
F80000
|
direct allocation
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
F50000
|
direct allocation
|
page read and write
|
||
|
13FB000
|
heap
|
page read and write
|
||
|
1360000
|
direct allocation
|
page read and write
|
||
|
13FB000
|
heap
|
page read and write
|
||
|
2BCE000
|
stack
|
page read and write
|
||
|
6EF000
|
unkown
|
page execute and read and write
|
||
|
30B4000
|
heap
|
page read and write
|
||
|
1360000
|
direct allocation
|
page read and write
|
||
|
3472000
|
trusted library allocation
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
EFF000
|
stack
|
page read and write
|
||
|
395E000
|
stack
|
page read and write
|
||
|
1360000
|
direct allocation
|
page read and write
|
||
|
7BF000
|
unkown
|
page execute and read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
2A4A000
|
stack
|
page read and write
|
||
|
13D5000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
E1000
|
unkown
|
page execute read
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
2E21000
|
heap
|
page read and write
|
||
|
13F9000
|
heap
|
page read and write
|
||
|
365E000
|
stack
|
page read and write
|
||
|
13C9000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
351D000
|
stack
|
page read and write
|
||
|
2A8E000
|
stack
|
page read and write
|
||
|
710000
|
unkown
|
page execute and read and write
|
||
|
13B000
|
unkown
|
page write copy
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
13D5000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
117C000
|
stack
|
page read and write
|
||
|
5240000
|
heap
|
page read and write
|
||
|
38B0000
|
remote allocation
|
page read and write
|
||
|
42F000
|
unkown
|
page readonly
|
||
|
FBA000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
23D000
|
unkown
|
page readonly
|
||
|
1360000
|
direct allocation
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1360000
|
direct allocation
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
707000
|
unkown
|
page execute and read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
71C000
|
unkown
|
page execute and read and write
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
DE5000
|
unkown
|
page execute and write copy
|
||
|
326000
|
unkown
|
page execute and read and write
|
||
|
320000
|
unkown
|
page readonly
|
||
|
2E21000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
13F9000
|
heap
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
326000
|
unkown
|
page execute and write copy
|
||
|
1380000
|
heap
|
page read and write
|
||
|
1360000
|
direct allocation
|
page read and write
|
||
|
139000
|
unkown
|
page readonly
|
||
|
13F5000
|
heap
|
page read and write
|
||
|
321000
|
unkown
|
page execute read
|
||
|
252000
|
unkown
|
page readonly
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
562000
|
unkown
|
page execute and read and write
|
||
|
13B8000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
52D0000
|
heap
|
page read and write
|
||
|
36CC000
|
stack
|
page read and write
|
||
|
4C0000
|
unkown
|
page execute and read and write
|
||
|
3417000
|
direct allocation
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
321000
|
unkown
|
page execute and write copy
|
||
|
104E000
|
heap
|
page read and write
|
||
|
2E21000
|
heap
|
page read and write
|
||
|
1360000
|
direct allocation
|
page read and write
|
||
|
484000
|
unkown
|
page execute and read and write
|
||
|
2E21000
|
heap
|
page read and write
|
||
|
572000
|
unkown
|
page execute and read and write
|
||
|
307E000
|
stack
|
page read and write
|
||
|
F7A000
|
stack
|
page read and write
|
||
|
106A000
|
heap
|
page read and write
|
||
|
702000
|
unkown
|
page execute and read and write
|
||
|
7E1000
|
unkown
|
page execute and read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
2E21000
|
heap
|
page read and write
|
||
|
2E21000
|
heap
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
822000
|
unkown
|
page execute and read and write
|
||
|
391D000
|
stack
|
page read and write
|
||
|
1066000
|
heap
|
page read and write
|
||
|
6EB000
|
unkown
|
page execute and read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1D2000
|
unkown
|
page readonly
|
||
|
564000
|
unkown
|
page execute and read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
1041000
|
heap
|
page read and write
|
||
|
2E21000
|
heap
|
page read and write
|
||
|
13E1000
|
heap
|
page read and write
|
There are 317 hidden memdumps, click here to show them.