Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
oz9Blof9tN.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 936,
Revision Number: {1CF5B253-45C8-4A59-ABDD-E1EC47B34789}, Number of Words: 10, Subject: cloudchat, Author: cloudchat.inc, Name
of Creating Application: cloudchat, Template: ;2052, Comments: Installer cloudchat , Title: Installation Database, Keywords:
Installer, MSI, Database, Create Time/Date: Mon Jul 8 03:46:57 2024, Last Saved Time/Date: Mon Jul 8 03:46:57 2024, Last
Printed: Mon Jul 8 03:46:57 2024, Number of Pages: 450
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI43E2.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI4440.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI4480.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI44DF.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI452E.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Installer\MSI460B.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Config.Msi\4b42f9.rbs
|
data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
||
|
C:\Windows\Installer\4b42f7.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 936,
Revision Number: {1CF5B253-45C8-4A59-ABDD-E1EC47B34789}, Number of Words: 10, Subject: cloudchat, Author: cloudchat.inc, Name
of Creating Application: cloudchat, Template: ;2052, Comments: Installer cloudchat , Title: Installation Database, Keywords:
Installer, MSI, Database, Create Time/Date: Mon Jul 8 03:46:57 2024, Last Saved Time/Date: Mon Jul 8 03:46:57 2024, Last
Printed: Mon Jul 8 03:46:57 2024, Number of Pages: 450
|
dropped
|
||
|
C:\Windows\Installer\MSI458D.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{0915C26A-4838-446F-95D6-9061AE0B204B}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF26A03A8EF478E99D.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF34DB424D6AAC3B2C.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF3703E31376DDDE90.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF375A5FCA068E513A.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF3BA5F8BFCCD9AB7E.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF5FBFD5FAEC5D1C7A.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF61026EF737EB17DF.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF9106CB87AB2F9244.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF92B3FF885428F156.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF94672BF2CC789CA1.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFE56DB21FD109D40A.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFF5CEB662862EABEF.TMP
|
data
|
dropped
|
There are 18 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\oz9Blof9tN.msi"
|
|
|
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
|
|
|
C:\Windows\Installer\MSI460B.tmp
|
"C:\Windows\Installer\MSI460B.tmp" /DontWait /HideWindow "C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe
|
"C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\ImmEnumInputContext9ed8e2f7ae.exe"
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 2FB75800E24C988F6C303CBA6166C7C4
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
156.255.2.100
|
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsjb
|
unknown
|
||
|
http://code.jquery.com/
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsS
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.js1.3.6.1.4.1.311.10.3.91.3.6.1.4.1.311.10.3.19
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsdclHbog
|
unknown
|
||
|
https://156.255.2.100:18896/hy
|
unknown
|
||
|
https://156.255.2.100/
|
unknown
|
||
|
https://156.255.2.100:18896/
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.js53011b87bd06u
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jststl.cab?c6786262e02c8735
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsrovider
|
unknown
|
||
|
https://156.255.2.100:18896/ll
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsnc
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.js
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jst
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsw
|
unknown
|
||
|
http://code.jquery.com/9S
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsrovider7
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsryptnetUrlCache
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsvider
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.js-2425835fc7d3
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsc
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsg
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsroviderD
|
unknown
|
There are 15 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
156.255.2.100
|
unknown
|
Seychelles
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\4b42f9.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\4b42f9.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\725953D469746E248AB0FD83AD1791C4
|
A62C51908384F644596D0916EAB002B4
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\B855F026C61AF1E4A82F1A9FE7651D9C
|
A62C51908384F644596D0916EAB002B4
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\8B7AD86EF67351D4D90927A4B4FD370A
|
A62C51908384F644596D0916EAB002B4
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\cloudchat.inc\cloudchat\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\cloudchat.inc\
|
||
|
HKEY_CURRENT_USER\SOFTWARE\cloudchat.inc\cloudchat
|
Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\cloudchat.inc\cloudchat
|
Path
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\System32\ci.dll,-100
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\System32\ci.dll,-101
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\system32\dnsapi.dll,-103
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\System32\fveui.dll,-843
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\System32\fveui.dll,-844
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\system32\NgcRecovery.dll,-100
|
There are 12 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
25F7D900000
|
direct allocation
|
page execute read
|
|
|
|
C000100000
|
direct allocation
|
page read and write
|
|
|
|
25F7CBD1000
|
direct allocation
|
page read and write
|
|
|
|
25F7CB50000
|
direct allocation
|
page execute read
|
|
|
|
C000012000
|
direct allocation
|
page read and write
|
||
|
1145000
|
unkown
|
page read and write
|
||
|
25F75FAC000
|
heap
|
page read and write
|
||
|
FD1000
|
unkown
|
page execute read
|
||
|
25F75FA6000
|
heap
|
page read and write
|
||
|
C000016000
|
direct allocation
|
page read and write
|
||
|
25F7D569000
|
heap
|
page read and write
|
||
|
C0C31FF000
|
stack
|
page read and write
|
||
|
25F7D4F8000
|
heap
|
page read and write
|
||
|
25F75FDD000
|
heap
|
page read and write
|
||
|
25F7D5F1000
|
heap
|
page read and write
|
||
|
25F7D55D000
|
heap
|
page read and write
|
||
|
25F7CBA0000
|
direct allocation
|
page execute read
|
||
|
25F7D615000
|
heap
|
page read and write
|
||
|
25F7D51A000
|
heap
|
page read and write
|
||
|
25F75F1C000
|
heap
|
page read and write
|
||
|
25F75FF8000
|
heap
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
1145000
|
unkown
|
page write copy
|
||
|
C000002000
|
direct allocation
|
page read and write
|
||
|
25F75FD8000
|
heap
|
page read and write
|
||
|
25F75FAF000
|
heap
|
page read and write
|
||
|
25F75FF8000
|
heap
|
page read and write
|
||
|
25F7D569000
|
heap
|
page read and write
|
||
|
C000068000
|
direct allocation
|
page read and write
|
||
|
25F7D567000
|
heap
|
page read and write
|
||
|
25F7D569000
|
heap
|
page read and write
|
||
|
25F76009000
|
heap
|
page read and write
|
||
|
25F7D567000
|
heap
|
page read and write
|
||
|
4990000
|
heap
|
page read and write
|
||
|
25F7CBE7000
|
direct allocation
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
C000008000
|
direct allocation
|
page read and write
|
||
|
47C0000
|
heap
|
page read and write
|
||
|
43B000
|
stack
|
page read and write
|
||
|
25F7D569000
|
heap
|
page read and write
|
||
|
25F75FF2000
|
heap
|
page read and write
|
||
|
25F7D901000
|
direct allocation
|
page read and write
|
||
|
C00002A000
|
direct allocation
|
page read and write
|
||
|
C0C2DFA000
|
stack
|
page read and write
|
||
|
C00004D000
|
direct allocation
|
page read and write
|
||
|
25F75F7E000
|
heap
|
page read and write
|
||
|
C000058000
|
direct allocation
|
page read and write
|
||
|
1147000
|
unkown
|
page write copy
|
||
|
500000
|
unkown
|
page readonly
|
||
|
25F7D565000
|
heap
|
page read and write
|
||
|
25F75FDB000
|
heap
|
page read and write
|
||
|
C00001A000
|
direct allocation
|
page read and write
|
||
|
1148000
|
unkown
|
page read and write
|
||
|
25F7605C000
|
direct allocation
|
page read and write
|
||
|
25F7D56C000
|
heap
|
page read and write
|
||
|
25F75FA7000
|
heap
|
page read and write
|
||
|
49AE000
|
heap
|
page read and write
|
||
|
25F7D569000
|
heap
|
page read and write
|
||
|
25F75FA7000
|
heap
|
page read and write
|
||
|
25F7D552000
|
heap
|
page read and write
|
||
|
C00005C000
|
direct allocation
|
page read and write
|
||
|
25F7D565000
|
heap
|
page read and write
|
||
|
25F75F82000
|
heap
|
page read and write
|
||
|
25F75FA6000
|
heap
|
page read and write
|
||
|
25F76030000
|
heap
|
page read and write
|
||
|
25F7D55D000
|
heap
|
page read and write
|
||
|
498E000
|
stack
|
page read and write
|
||
|
25F75FD8000
|
heap
|
page read and write
|
||
|
25F7D5BD000
|
heap
|
page read and write
|
||
|
25F76009000
|
heap
|
page read and write
|
||
|
25F7D550000
|
heap
|
page read and write
|
||
|
25F75FF8000
|
heap
|
page read and write
|
||
|
500000
|
unkown
|
page readonly
|
||
|
11E5000
|
unkown
|
page write copy
|
||
|
1054000
|
unkown
|
page readonly
|
||
|
54E000
|
unkown
|
page readonly
|
||
|
565000
|
unkown
|
page readonly
|
||
|
25F7D5C2000
|
heap
|
page read and write
|
||
|
C000006000
|
direct allocation
|
page read and write
|
||
|
47C5000
|
heap
|
page read and write
|
||
|
25F75FD8000
|
heap
|
page read and write
|
||
|
C00000A000
|
direct allocation
|
page read and write
|
||
|
25F7D55D000
|
heap
|
page read and write
|
||
|
C000044000
|
direct allocation
|
page read and write
|
||
|
25F76050000
|
direct allocation
|
page read and write
|
||
|
25F7D541000
|
heap
|
page read and write
|
||
|
25F7D4D1000
|
heap
|
page read and write
|
||
|
25F760B0000
|
direct allocation
|
page read and write
|
||
|
561000
|
unkown
|
page write copy
|
||
|
25F7D567000
|
heap
|
page read and write
|
||
|
C0C3DFB000
|
stack
|
page read and write
|
||
|
25F7D565000
|
heap
|
page read and write
|
||
|
25F75FDA000
|
heap
|
page read and write
|
||
|
C000056000
|
direct allocation
|
page read and write
|
||
|
11E6000
|
unkown
|
page readonly
|
||
|
561000
|
unkown
|
page read and write
|
||
|
25F75FDA000
|
heap
|
page read and write
|
||
|
654F000
|
stack
|
page read and write
|
||
|
25F7D541000
|
heap
|
page read and write
|
||
|
25F7D5BD000
|
heap
|
page read and write
|
||
|
1174000
|
unkown
|
page read and write
|
||
|
25F75FDA000
|
heap
|
page read and write
|
||
|
25F7D022000
|
heap
|
page read and write
|
||
|
25F76009000
|
heap
|
page read and write
|
||
|
25F76058000
|
direct allocation
|
page read and write
|
||
|
4B8F000
|
stack
|
page read and write
|
||
|
501000
|
unkown
|
page execute read
|
||
|
25F7D640000
|
heap
|
page read and write
|
||
|
25F76054000
|
direct allocation
|
page read and write
|
||
|
C000010000
|
direct allocation
|
page read and write
|
||
|
25F7CBED000
|
direct allocation
|
page read and write
|
||
|
25F76010000
|
heap
|
page read and write
|
||
|
25F7D640000
|
heap
|
page read and write
|
||
|
25F75FF8000
|
heap
|
page read and write
|
||
|
25F7D565000
|
heap
|
page read and write
|
||
|
11E6000
|
unkown
|
page readonly
|
||
|
25F7D54E000
|
heap
|
page read and write
|
||
|
25F7D54E000
|
heap
|
page read and write
|
||
|
C00003D000
|
direct allocation
|
page read and write
|
||
|
25F7D54E000
|
heap
|
page read and write
|
||
|
116E000
|
unkown
|
page read and write
|
||
|
25F7D55D000
|
heap
|
page read and write
|
||
|
C00003F000
|
direct allocation
|
page read and write
|
||
|
C0C35FE000
|
stack
|
page read and write
|
||
|
25F75FF8000
|
heap
|
page read and write
|
||
|
25F7D567000
|
heap
|
page read and write
|
||
|
C0C43FD000
|
stack
|
page read and write
|
||
|
4CA0000
|
heap
|
page read and write
|
||
|
25F75FDA000
|
heap
|
page read and write
|
||
|
FD0000
|
unkown
|
page readonly
|
||
|
25F75F55000
|
heap
|
page read and write
|
||
|
25F75FD8000
|
heap
|
page read and write
|
||
|
25F75F80000
|
heap
|
page read and write
|
||
|
25F75F7D000
|
heap
|
page read and write
|
||
|
477E000
|
stack
|
page read and write
|
||
|
25F76009000
|
heap
|
page read and write
|
||
|
C0C3FFB000
|
stack
|
page read and write
|
||
|
466C000
|
stack
|
page read and write
|
||
|
25F7D541000
|
heap
|
page read and write
|
||
|
25F7D569000
|
heap
|
page read and write
|
||
|
11DC000
|
unkown
|
page read and write
|
||
|
25F75FD8000
|
heap
|
page read and write
|
||
|
25F75F76000
|
heap
|
page read and write
|
||
|
25F75FF8000
|
heap
|
page read and write
|
||
|
25F7D693000
|
heap
|
page read and write
|
||
|
25F7D567000
|
heap
|
page read and write
|
||
|
25F76009000
|
heap
|
page read and write
|
||
|
25F7D550000
|
heap
|
page read and write
|
||
|
25F75F24000
|
heap
|
page read and write
|
||
|
48E0000
|
heap
|
page read and write
|
||
|
C000004000
|
direct allocation
|
page read and write
|
||
|
25F7D541000
|
heap
|
page read and write
|
||
|
25F7D565000
|
heap
|
page read and write
|
||
|
25F76009000
|
heap
|
page read and write
|
||
|
C00000C000
|
direct allocation
|
page read and write
|
||
|
FD0000
|
unkown
|
page readonly
|
||
|
4998000
|
heap
|
page read and write
|
||
|
25F76009000
|
heap
|
page read and write
|
||
|
25F75FEE000
|
heap
|
page read and write
|
||
|
25F75F82000
|
heap
|
page read and write
|
||
|
25F7D640000
|
heap
|
page read and write
|
||
|
25F75FD8000
|
heap
|
page read and write
|
||
|
668F000
|
stack
|
page read and write
|
||
|
C000080000
|
direct allocation
|
page read and write
|
||
|
25F75FA0000
|
heap
|
page read and write
|
||
|
25F7D5F0000
|
heap
|
page read and write
|
||
|
565000
|
unkown
|
page readonly
|
||
|
25F75FF8000
|
heap
|
page read and write
|
||
|
25F7D4C0000
|
remote allocation
|
page read and write
|
||
|
25F7D4D0000
|
heap
|
page read and write
|
||
|
25F7D54E000
|
heap
|
page read and write
|
||
|
25F7D55D000
|
heap
|
page read and write
|
||
|
25F7D4C0000
|
remote allocation
|
page read and write
|
||
|
25F7D573000
|
heap
|
page read and write
|
||
|
25F75FDB000
|
heap
|
page read and write
|
||
|
48CE000
|
stack
|
page read and write
|
||
|
4DE000
|
stack
|
page read and write
|
||
|
25F7D641000
|
heap
|
page read and write
|
||
|
25F75FDD000
|
heap
|
page read and write
|
||
|
25F75FDD000
|
heap
|
page read and write
|
||
|
C000014000
|
direct allocation
|
page read and write
|
||
|
11E5000
|
unkown
|
page write copy
|
||
|
25F760D1000
|
direct allocation
|
page read and write
|
||
|
25F7605A000
|
direct allocation
|
page read and write
|
||
|
501000
|
unkown
|
page execute read
|
||
|
25F761A0000
|
heap
|
page read and write
|
||
|
25F7D567000
|
heap
|
page read and write
|
||
|
C00001C000
|
direct allocation
|
page read and write
|
||
|
25F75FF8000
|
heap
|
page read and write
|
||
|
4C8F000
|
stack
|
page read and write
|
||
|
25F7D56C000
|
heap
|
page read and write
|
||
|
C000028000
|
direct allocation
|
page read and write
|
||
|
C000065000
|
direct allocation
|
page read and write
|
||
|
25F7CBF2000
|
direct allocation
|
page read and write
|
||
|
25F7D58E000
|
heap
|
page read and write
|
||
|
C0C37FE000
|
stack
|
page read and write
|
||
|
25F75F82000
|
heap
|
page read and write
|
||
|
25F7D565000
|
heap
|
page read and write
|
||
|
25F75FF8000
|
heap
|
page read and write
|
||
|
C0C45FE000
|
stack
|
page read and write
|
||
|
25F7D54E000
|
heap
|
page read and write
|
||
|
1054000
|
unkown
|
page readonly
|
||
|
25F7D55D000
|
heap
|
page read and write
|
||
|
25F7D4C0000
|
remote allocation
|
page read and write
|
||
|
25F75FAC000
|
heap
|
page read and write
|
||
|
25F75FF8000
|
heap
|
page read and write
|
||
|
25F76009000
|
heap
|
page read and write
|
||
|
C0C33FE000
|
stack
|
page read and write
|
||
|
11E0000
|
unkown
|
page readonly
|
||
|
25F7D693000
|
heap
|
page read and write
|
||
|
25F75FDB000
|
heap
|
page read and write
|
||
|
4900000
|
heap
|
page read and write
|
||
|
C000060000
|
direct allocation
|
page read and write
|
||
|
C000038000
|
direct allocation
|
page read and write
|
||
|
C000018000
|
direct allocation
|
page read and write
|
||
|
54E000
|
unkown
|
page readonly
|
||
|
25F7D66E000
|
heap
|
page read and write
|
||
|
C00000E000
|
direct allocation
|
page read and write
|
||
|
25F76009000
|
heap
|
page read and write
|
||
|
25F7D66E000
|
heap
|
page read and write
|
||
|
25F75FF2000
|
heap
|
page read and write
|
||
|
658E000
|
stack
|
page read and write
|
||
|
C0C41FE000
|
stack
|
page read and write
|
||
|
11E0000
|
unkown
|
page readonly
|
||
|
25F7CBF0000
|
direct allocation
|
page read and write
|
||
|
25F7CBEA000
|
direct allocation
|
page read and write
|
||
|
25F75FAF000
|
heap
|
page read and write
|
||
|
25F7D54E000
|
heap
|
page read and write
|
||
|
25F761A5000
|
heap
|
page read and write
|
||
|
25F75E20000
|
heap
|
page read and write
|
||
|
25F75F10000
|
heap
|
page read and write
|
||
|
C00002D000
|
direct allocation
|
page read and write
|
||
|
FD1000
|
unkown
|
page execute read
|
||
|
494E000
|
stack
|
page read and write
|
||
|
25F76009000
|
heap
|
page read and write
|
||
|
25F75F16000
|
heap
|
page read and write
|
There are 226 hidden memdumps, click here to show them.