Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Lisect_AVT_24003_G1A_70.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\MyProg.exe
|
MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\7-Zip\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_oHOvZLBf.exe_ef3ef087bfe1a04e60882b1f0137943404fb79_63dab170_18f3e01d-e9ad-41e1-b61a-5f311b0ed995\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF3E3.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Jul 25 02:58:47 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF5A9.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF5E8.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\k1[1].rar
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\k2[1].rar
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\k3[1].rar
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\05734EF9.exe
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\37AE5FF3.exe
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3C4C055C.exe
|
ASCII text
|
modified
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe
|
"C:\Users\user\Desktop\Lisect_AVT_24003_G1A_70.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\oHOvZLBf.exe
|
C:\Users\user~1\AppData\Local\Temp\oHOvZLBf.exe
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 1528
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
punchtelephoneverdi.stor
|
|
||
|
healthproline.pro
|
|
||
|
https://telephoneverdictyow.site/
|
unknown
|
|
|
|
https://snuggleapplicationswo.fun/y
|
unknown
|
|
|
|
https://strainriskpropos.store/api
|
unknown
|
|
|
|
https://strainriskpropos.store:443/api7
|
unknown
|
|
|
|
telephoneverdictyow.site
|
|
||
|
https://strainriskpropos.store/apii9
|
unknown
|
|
|
|
https://telephoneverdictyow.site/7
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k3.rar
|
44.221.84.105
|
|
|
|
https://telephoneverdictyow.site/8
|
unknown
|
|
|
|
smallrabbitcrossing.site
|
|
||
|
http://ddos.dnsnb8.net:799/cj//k1.rarTq
|
unknown
|
|
|
|
strainriskpropos.stor
|
|
||
|
http://ddos.dnsnb8.net:799/cj//k1.rarO
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k2.rar
|
44.221.84.105
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k1.rarDC:
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k2.rarl
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k3.raroC:
|
unknown
|
|
|
|
https://strainriskpropos.store/apiG
|
unknown
|
|
|
|
theoryapparatusjuko.fun
|
|
||
|
http://ddos.dnsnb8.net:799/cj//k1.rar
|
44.221.84.105
|
|
|
|
snuggleapplicationswo.fun
|
|
||
|
http://ddos.dnsnb8.net:799/cj//k3.rar4
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k1.rarc
|
unknown
|
|
|
|
http://www.scintilla.org/scite.rng
|
unknown
|
||
|
http://www.rftp.comJosiah
|
unknown
|
||
|
http://www.activestate.com
|
unknown
|
||
|
http://www.activestate.comHolger
|
unknown
|
||
|
https://theoryapparatusjuko.fun/
|
unknown
|
||
|
http://%s:%d/%s/%sZwQuerySystemInformationntdll.dllNtSystemDebugControlSeDebugPrivilege%s%.8x.bat:DE
|
unknown
|
||
|
https://theoryapparatusjuko.fun/api
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://www.rftp.com
|
unknown
|
||
|
http://www.baanboard.comBrendon
|
unknown
|
||
|
https://www.smartsharesystems.com/
|
unknown
|
||
|
http://www.scintilla.org
|
unknown
|
||
|
http://www.spaceblue.comMathias
|
unknown
|
||
|
https://punchtelephoneverdi.store/
|
unknown
|
||
|
https://strainriskpropos.store/
|
unknown
|
||
|
https://www.smartsharesystems.com/Morten
|
unknown
|
||
|
http://www.develop.com
|
unknown
|
||
|
http://www.lua.org
|
unknown
|
||
|
https://smallrabbitcrossing.site/
|
unknown
|
||
|
http://www.spaceblue.com
|
unknown
|
||
|
http://www.baanboard.com
|
unknown
|
||
|
http://www.develop.comDeepak
|
unknown
|
||
|
https://smallrabbitcrossing.site/M
|
unknown
|
There are 38 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
healthproline.pro
|
unknown
|
|
|
|
smallrabbitcrossing.site
|
unknown
|
|
|
|
strainriskpropos.store
|
unknown
|
|
|
|
snuggleapplicationswo.fun
|
unknown
|
|
|
|
punchtelephoneverdi.store
|
unknown
|
|
|
|
telephoneverdictyow.site
|
unknown
|
|
|
|
theoryapparatusjuko.fun
|
unknown
|
|
|
|
ddos.dnsnb8.net
|
44.221.84.105
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
44.221.84.105
|
ddos.dnsnb8.net
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{2aa3a07c-6a2d-7d01-7291-ba3711dc43e5}\Root\InventoryApplicationFile\ohovzlbf.exe|5719a2c19de6b12b
|
ProgramId
|
||
|
\REGISTRY\A\{2aa3a07c-6a2d-7d01-7291-ba3711dc43e5}\Root\InventoryApplicationFile\ohovzlbf.exe|5719a2c19de6b12b
|
FileId
|
||
|
\REGISTRY\A\{2aa3a07c-6a2d-7d01-7291-ba3711dc43e5}\Root\InventoryApplicationFile\ohovzlbf.exe|5719a2c19de6b12b
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{2aa3a07c-6a2d-7d01-7291-ba3711dc43e5}\Root\InventoryApplicationFile\ohovzlbf.exe|5719a2c19de6b12b
|
LongPathHash
|
||
|
\REGISTRY\A\{2aa3a07c-6a2d-7d01-7291-ba3711dc43e5}\Root\InventoryApplicationFile\ohovzlbf.exe|5719a2c19de6b12b
|
Name
|
||
|
\REGISTRY\A\{2aa3a07c-6a2d-7d01-7291-ba3711dc43e5}\Root\InventoryApplicationFile\ohovzlbf.exe|5719a2c19de6b12b
|
OriginalFileName
|
||
|
\REGISTRY\A\{2aa3a07c-6a2d-7d01-7291-ba3711dc43e5}\Root\InventoryApplicationFile\ohovzlbf.exe|5719a2c19de6b12b
|
Publisher
|
||
|
\REGISTRY\A\{2aa3a07c-6a2d-7d01-7291-ba3711dc43e5}\Root\InventoryApplicationFile\ohovzlbf.exe|5719a2c19de6b12b
|
Version
|
||
|
\REGISTRY\A\{2aa3a07c-6a2d-7d01-7291-ba3711dc43e5}\Root\InventoryApplicationFile\ohovzlbf.exe|5719a2c19de6b12b
|
BinFileVersion
|
||
|
\REGISTRY\A\{2aa3a07c-6a2d-7d01-7291-ba3711dc43e5}\Root\InventoryApplicationFile\ohovzlbf.exe|5719a2c19de6b12b
|
BinaryType
|
||
|
\REGISTRY\A\{2aa3a07c-6a2d-7d01-7291-ba3711dc43e5}\Root\InventoryApplicationFile\ohovzlbf.exe|5719a2c19de6b12b
|
ProductName
|
||
|
\REGISTRY\A\{2aa3a07c-6a2d-7d01-7291-ba3711dc43e5}\Root\InventoryApplicationFile\ohovzlbf.exe|5719a2c19de6b12b
|
ProductVersion
|
||
|
\REGISTRY\A\{2aa3a07c-6a2d-7d01-7291-ba3711dc43e5}\Root\InventoryApplicationFile\ohovzlbf.exe|5719a2c19de6b12b
|
LinkDate
|
||
|
\REGISTRY\A\{2aa3a07c-6a2d-7d01-7291-ba3711dc43e5}\Root\InventoryApplicationFile\ohovzlbf.exe|5719a2c19de6b12b
|
BinProductVersion
|
||
|
\REGISTRY\A\{2aa3a07c-6a2d-7d01-7291-ba3711dc43e5}\Root\InventoryApplicationFile\ohovzlbf.exe|5719a2c19de6b12b
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{2aa3a07c-6a2d-7d01-7291-ba3711dc43e5}\Root\InventoryApplicationFile\ohovzlbf.exe|5719a2c19de6b12b
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{2aa3a07c-6a2d-7d01-7291-ba3711dc43e5}\Root\InventoryApplicationFile\ohovzlbf.exe|5719a2c19de6b12b
|
Size
|
||
|
\REGISTRY\A\{2aa3a07c-6a2d-7d01-7291-ba3711dc43e5}\Root\InventoryApplicationFile\ohovzlbf.exe|5719a2c19de6b12b
|
Language
|
||
|
\REGISTRY\A\{2aa3a07c-6a2d-7d01-7291-ba3711dc43e5}\Root\InventoryApplicationFile\ohovzlbf.exe|5719a2c19de6b12b
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
9F0000
|
direct allocation
|
page read and write
|
|
|
|
173E000
|
unkown
|
page execute and read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
119F000
|
unkown
|
page execute and read and write
|
||
|
DE0000
|
unkown
|
page readonly
|
||
|
9F0000
|
direct allocation
|
page read and write
|
||
|
1F35000
|
heap
|
page read and write
|
||
|
1184000
|
unkown
|
page execute and read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
1F22000
|
heap
|
page read and write
|
||
|
339B000
|
stack
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
DE1000
|
unkown
|
page execute read
|
||
|
DF3000
|
unkown
|
page readonly
|
||
|
BF6000
|
heap
|
page read and write
|
||
|
1F3A000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
1F12000
|
heap
|
page read and write
|
||
|
112F000
|
unkown
|
page readonly
|
||
|
335F000
|
stack
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
C7F000
|
heap
|
page read and write
|
||
|
12B2000
|
unkown
|
page execute and read and write
|
||
|
35DD000
|
stack
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
1F15000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
DF1000
|
unkown
|
page execute read
|
||
|
1740000
|
unkown
|
page execute and read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
111D000
|
unkown
|
page read and write
|
||
|
1EC0000
|
heap
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
2AD8000
|
stack
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
1744000
|
unkown
|
page execute and read and write
|
||
|
299F000
|
stack
|
page read and write
|
||
|
1EFD000
|
heap
|
page read and write
|
||
|
17C2000
|
unkown
|
page execute and read and write
|
||
|
1742000
|
unkown
|
page execute and read and write
|
||
|
7F0000
|
direct allocation
|
page read and write
|
||
|
1F22000
|
heap
|
page read and write
|
||
|
3F97000
|
direct allocation
|
page read and write
|
||
|
112F000
|
unkown
|
page readonly
|
||
|
13B6000
|
unkown
|
page execute and read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
4002000
|
direct allocation
|
page read and write
|
||
|
9F0000
|
direct allocation
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
21BF000
|
stack
|
page read and write
|
||
|
C43000
|
heap
|
page read and write
|
||
|
3F20000
|
direct allocation
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
43E0000
|
remote allocation
|
page read and write
|
||
|
34DB000
|
stack
|
page read and write
|
||
|
E39000
|
unkown
|
page readonly
|
||
|
1EF9000
|
heap
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
13B8000
|
unkown
|
page execute and read and write
|
||
|
173A000
|
unkown
|
page execute and read and write
|
||
|
1F3E000
|
heap
|
page read and write
|
||
|
9F0000
|
direct allocation
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
9F0000
|
direct allocation
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
9F0000
|
direct allocation
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
1F3E000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
C75000
|
heap
|
page read and write
|
||
|
DE1000
|
unkown
|
page execute read
|
||
|
EFE000
|
stack
|
page read and write
|
||
|
1F3E000
|
heap
|
page read and write
|
||
|
429F000
|
stack
|
page read and write
|
||
|
9F0000
|
direct allocation
|
page read and write
|
||
|
111E000
|
unkown
|
page readonly
|
||
|
9F0000
|
direct allocation
|
page read and write
|
||
|
F3D000
|
unkown
|
page readonly
|
||
|
E6D000
|
unkown
|
page readonly
|
||
|
3961000
|
heap
|
page read and write
|
||
|
E4C000
|
unkown
|
page readonly
|
||
|
3961000
|
heap
|
page read and write
|
||
|
1EF9000
|
heap
|
page read and write
|
||
|
30EE000
|
stack
|
page read and write
|
||
|
1F3E000
|
heap
|
page read and write
|
||
|
12A0000
|
unkown
|
page execute and read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
1E3E000
|
stack
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
E4C000
|
unkown
|
page readonly
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
C43000
|
heap
|
page read and write
|
||
|
43E0000
|
remote allocation
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
C97000
|
heap
|
page read and write
|
||
|
1ECA000
|
heap
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
DE0000
|
unkown
|
page readonly
|
||
|
DF0000
|
unkown
|
page readonly
|
||
|
FFF000
|
stack
|
page read and write
|
||
|
13D9000
|
unkown
|
page execute and read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
13CB000
|
unkown
|
page execute and read and write
|
||
|
1F31000
|
heap
|
page read and write
|
||
|
1F35000
|
heap
|
page read and write
|
||
|
DF3000
|
unkown
|
page write copy
|
||
|
289A000
|
stack
|
page read and write
|
||
|
11CA000
|
unkown
|
page execute and read and write
|
||
|
13C9000
|
unkown
|
page execute and read and write
|
||
|
1F31000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
30AF000
|
stack
|
page read and write
|
||
|
1F39000
|
heap
|
page read and write
|
||
|
2E9D000
|
stack
|
page read and write
|
||
|
111D000
|
unkown
|
page write copy
|
||
|
E3B000
|
unkown
|
page read and write
|
||
|
1ECE000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
12B0000
|
unkown
|
page execute and read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
1EE3000
|
heap
|
page read and write
|
||
|
C52000
|
heap
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
1EFD000
|
heap
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
111E000
|
unkown
|
page readonly
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
29DE000
|
stack
|
page read and write
|
||
|
CFD000
|
stack
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
C7F000
|
heap
|
page read and write
|
||
|
BCA000
|
heap
|
page read and write
|
||
|
1F31000
|
heap
|
page read and write
|
||
|
1F35000
|
heap
|
page read and write
|
||
|
3F25000
|
trusted library allocation
|
page read and write
|
||
|
13C7000
|
unkown
|
page execute and read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
BBA000
|
heap
|
page read and write
|
||
|
31EF000
|
stack
|
page read and write
|
||
|
E5B000
|
unkown
|
page readonly
|
||
|
3961000
|
heap
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
1E7E000
|
stack
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
467E000
|
stack
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
1F12000
|
heap
|
page read and write
|
||
|
349E000
|
stack
|
page read and write
|
||
|
7C5000
|
heap
|
page read and write
|
||
|
1F31000
|
heap
|
page read and write
|
||
|
1922000
|
unkown
|
page execute read
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
C78000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
20BF000
|
stack
|
page read and write
|
||
|
7F0000
|
direct allocation
|
page read and write
|
||
|
1534000
|
unkown
|
page execute and read and write
|
||
|
9F0000
|
direct allocation
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
1730000
|
unkown
|
page execute and read and write
|
||
|
1F39000
|
heap
|
page read and write
|
||
|
BB7000
|
heap
|
page read and write
|
||
|
ED2000
|
unkown
|
page readonly
|
||
|
1526000
|
unkown
|
page execute and read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
1528000
|
unkown
|
page execute and read and write
|
||
|
1EEB000
|
heap
|
page read and write
|
||
|
9F0000
|
direct allocation
|
page read and write
|
||
|
7E0000
|
direct allocation
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
7F0000
|
direct allocation
|
page read and write
|
||
|
B7A000
|
stack
|
page read and write
|
||
|
1530000
|
unkown
|
page execute and read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
7F0000
|
direct allocation
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
1F39000
|
heap
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
1F22000
|
heap
|
page read and write
|
||
|
C6C000
|
heap
|
page read and write
|
||
|
325E000
|
stack
|
page read and write
|
||
|
DF4000
|
unkown
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
3AA0000
|
heap
|
page read and write
|
||
|
457E000
|
stack
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
4ED0000
|
heap
|
page read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
9F0000
|
direct allocation
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
DCE000
|
stack
|
page read and write
|
||
|
1518000
|
unkown
|
page execute and read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
9F0000
|
direct allocation
|
page read and write
|
||
|
7E0000
|
direct allocation
|
page read and write
|
||
|
4FC0000
|
trusted library allocation
|
page read and write
|
||
|
4F60000
|
heap
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
F52000
|
unkown
|
page readonly
|
||
|
3961000
|
heap
|
page read and write
|
||
|
E3B000
|
unkown
|
page write copy
|
||
|
13D7000
|
unkown
|
page execute and read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
4017000
|
direct allocation
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
13D3000
|
unkown
|
page execute and read and write
|
||
|
13CF000
|
unkown
|
page execute and read and write
|
||
|
17B6000
|
unkown
|
page execute and read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
2E5E000
|
stack
|
page read and write
|
||
|
9F0000
|
direct allocation
|
page read and write
|
||
|
BF8000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
1F22000
|
heap
|
page read and write
|
||
|
3FF6000
|
trusted library allocation
|
page read and write
|
||
|
70C000
|
stack
|
page read and write
|
||
|
9F0000
|
direct allocation
|
page read and write
|
||
|
2FAF000
|
stack
|
page read and write
|
||
|
1EF1000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
11B6000
|
unkown
|
page execute and read and write
|
||
|
152C000
|
unkown
|
page execute and read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
3960000
|
heap
|
page read and write
|
||
|
AFD000
|
stack
|
page read and write
|
||
|
43E0000
|
remote allocation
|
page read and write
|
||
|
9F0000
|
direct allocation
|
page read and write
|
||
|
1F14000
|
heap
|
page read and write
|
||
|
1736000
|
unkown
|
page execute and read and write
|
||
|
415D000
|
stack
|
page read and write
|
||
|
DF6000
|
unkown
|
page execute and write copy
|
||
|
419E000
|
stack
|
page read and write
|
||
|
9B5000
|
heap
|
page read and write
|
||
|
9F0000
|
direct allocation
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
13C5000
|
unkown
|
page execute and read and write
|
||
|
95C000
|
stack
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
9F0000
|
direct allocation
|
page read and write
|
||
|
1F3F000
|
heap
|
page read and write
|
||
|
173C000
|
unkown
|
page execute and read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
405D000
|
stack
|
page read and write
|
||
|
DF6000
|
unkown
|
page execute and read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
9F0000
|
direct allocation
|
page read and write
|
||
|
13DB000
|
unkown
|
page execute and read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
1922000
|
unkown
|
page execute read
|
||
|
1F35000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
1DF6000
|
unkown
|
page execute and write copy
|
||
|
13B4000
|
unkown
|
page execute and read and write
|
||
|
DF0000
|
unkown
|
page readonly
|
||
|
1DF6000
|
unkown
|
page execute and read and write
|
||
|
3A9D000
|
stack
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
442E000
|
stack
|
page read and write
|
||
|
DF1000
|
unkown
|
page execute and write copy
|
||
|
1DF7000
|
unkown
|
page execute and write copy
|
||
|
3961000
|
heap
|
page read and write
|
||
|
13D5000
|
unkown
|
page execute and read and write
|
||
|
E39000
|
unkown
|
page readonly
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
1EFD000
|
heap
|
page read and write
|
||
|
1532000
|
unkown
|
page execute and read and write
|
||
|
3F32000
|
direct allocation
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
BCE000
|
heap
|
page read and write
|
||
|
128E000
|
unkown
|
page execute and read and write
|
||
|
2EA4000
|
heap
|
page read and write
|
||
|
1EF9000
|
heap
|
page read and write
|
||
|
3AD0000
|
heap
|
page read and write
|
||
|
9F0000
|
direct allocation
|
page read and write
|
||
|
452E000
|
stack
|
page read and write
|
||
|
C52000
|
heap
|
page read and write
|
||
|
1131000
|
unkown
|
page readonly
|
||
|
C6C000
|
heap
|
page read and write
|
||
|
152E000
|
unkown
|
page execute and read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
43DF000
|
stack
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
3A60000
|
direct allocation
|
page read and write
|
||
|
1131000
|
unkown
|
page readonly
|
||
|
1F12000
|
heap
|
page read and write
|
||
|
1EEA000
|
heap
|
page read and write
|
||
|
3961000
|
heap
|
page read and write
|
||
|
42DE000
|
stack
|
page read and write
|
||
|
C7B000
|
heap
|
page read and write
|
||
|
401E000
|
stack
|
page read and write
|
There are 304 hidden memdumps, click here to show them.