Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_ba8a8a594ca8fa23cd1d4e3bee6863e38899ac_1ee2fc52_23d44693-564a-4aac-9380-f748fbd747a5\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\dll[1]
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\23RE4w32fN\Bunifu_UI_v1.5.3.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\23RE4w32fN\Y-Cleaner.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAA17.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Nov 30 06:29:34 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAB41.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAB61.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\download[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\add[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\download[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\fuckingdllENCR[1].dll
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\key[1].htm
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\Cleaner.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon
number=0, Archive, ctime=Sat Nov 30 05:29:33 2024, mtime=Sat Nov 30 05:29:33 2024, atime=Sat Nov 30 05:29:33 2024, length=1502720,
window=hide
|
modified
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 644
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://185.156.72.65/soft/download
|
185.156.72.65
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://185.156.72.65/dll/key
|
185.156.72.65
|
||
|
http://185.156.72.65/files/download
|
185.156.72.65
|
||
|
http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174
|
unknown
|
||
|
https://iplogger.org/1Pz8p7
|
unknown
|
||
|
https://g-cleanit.hk
|
unknown
|
||
|
http://185.156.72.65/add?substr=mixtwo&s=three&sub=nosub
|
185.156.72.65
|
||
|
http://185.156.72.65/dll/download
|
185.156.72.65
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.156.72.65
|
unknown
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{bbd77309-5da0-d09f-93e6-9d17547ba310}\Root\InventoryApplicationFile\file.exe|634507f567776d77
|
ProgramId
|
|
|
|
\REGISTRY\A\{bbd77309-5da0-d09f-93e6-9d17547ba310}\Root\InventoryApplicationFile\file.exe|634507f567776d77
|
FileId
|
|
|
|
\REGISTRY\A\{bbd77309-5da0-d09f-93e6-9d17547ba310}\Root\InventoryApplicationFile\file.exe|634507f567776d77
|
LowerCaseLongPath
|
|
|
|
\REGISTRY\A\{bbd77309-5da0-d09f-93e6-9d17547ba310}\Root\InventoryApplicationFile\file.exe|634507f567776d77
|
LongPathHash
|
|
|
|
\REGISTRY\A\{bbd77309-5da0-d09f-93e6-9d17547ba310}\Root\InventoryApplicationFile\file.exe|634507f567776d77
|
Name
|
|
|
|
\REGISTRY\A\{bbd77309-5da0-d09f-93e6-9d17547ba310}\Root\InventoryApplicationFile\file.exe|634507f567776d77
|
OriginalFileName
|
|
|
|
\REGISTRY\A\{bbd77309-5da0-d09f-93e6-9d17547ba310}\Root\InventoryApplicationFile\file.exe|634507f567776d77
|
Publisher
|
|
|
|
\REGISTRY\A\{bbd77309-5da0-d09f-93e6-9d17547ba310}\Root\InventoryApplicationFile\file.exe|634507f567776d77
|
Version
|
|
|
|
\REGISTRY\A\{bbd77309-5da0-d09f-93e6-9d17547ba310}\Root\InventoryApplicationFile\file.exe|634507f567776d77
|
BinFileVersion
|
|
|
|
\REGISTRY\A\{bbd77309-5da0-d09f-93e6-9d17547ba310}\Root\InventoryApplicationFile\file.exe|634507f567776d77
|
BinaryType
|
|
|
|
\REGISTRY\A\{bbd77309-5da0-d09f-93e6-9d17547ba310}\Root\InventoryApplicationFile\file.exe|634507f567776d77
|
ProductName
|
|
|
|
\REGISTRY\A\{bbd77309-5da0-d09f-93e6-9d17547ba310}\Root\InventoryApplicationFile\file.exe|634507f567776d77
|
ProductVersion
|
|
|
|
\REGISTRY\A\{bbd77309-5da0-d09f-93e6-9d17547ba310}\Root\InventoryApplicationFile\file.exe|634507f567776d77
|
LinkDate
|
|
|
|
\REGISTRY\A\{bbd77309-5da0-d09f-93e6-9d17547ba310}\Root\InventoryApplicationFile\file.exe|634507f567776d77
|
BinProductVersion
|
|
|
|
\REGISTRY\A\{bbd77309-5da0-d09f-93e6-9d17547ba310}\Root\InventoryApplicationFile\file.exe|634507f567776d77
|
AppxPackageFullName
|
|
|
|
\REGISTRY\A\{bbd77309-5da0-d09f-93e6-9d17547ba310}\Root\InventoryApplicationFile\file.exe|634507f567776d77
|
AppxPackageRelativeId
|
|
|
|
\REGISTRY\A\{bbd77309-5da0-d09f-93e6-9d17547ba310}\Root\InventoryApplicationFile\file.exe|634507f567776d77
|
Size
|
|
|
|
\REGISTRY\A\{bbd77309-5da0-d09f-93e6-9d17547ba310}\Root\InventoryApplicationFile\file.exe|634507f567776d77
|
Language
|
|
|
|
\REGISTRY\A\{bbd77309-5da0-d09f-93e6-9d17547ba310}\Root\InventoryApplicationFile\file.exe|634507f567776d77
|
Usn
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
4A20000
|
direct allocation
|
page read and write
|
|
|
|
4930000
|
direct allocation
|
page execute and read and write
|
|
|
|
267C000
|
stack
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
5493000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4330000
|
direct allocation
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
307E000
|
stack
|
page read and write
|
||
|
420E000
|
stack
|
page read and write
|
||
|
520B000
|
stack
|
page read and write
|
||
|
28BF000
|
stack
|
page read and write
|
||
|
B1E000
|
heap
|
page read and write
|
||
|
5338000
|
heap
|
page read and write
|
||
|
4330000
|
direct allocation
|
page read and write
|
||
|
5493000
|
heap
|
page read and write
|
||
|
531A000
|
heap
|
page read and write
|
||
|
4780000
|
trusted library allocation
|
page read and write
|
||
|
5DA1000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
C4E000
|
stack
|
page read and write
|
||
|
5AF4000
|
heap
|
page read and write
|
||
|
5A81000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
5980000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
2C7F000
|
stack
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
3A3F000
|
stack
|
page read and write
|
||
|
5493000
|
heap
|
page read and write
|
||
|
47D0000
|
direct allocation
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
49B0000
|
direct allocation
|
page execute and read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
5497000
|
heap
|
page read and write
|
||
|
5493000
|
heap
|
page read and write
|
||
|
5493000
|
heap
|
page read and write
|
||
|
995000
|
heap
|
page read and write
|
||
|
5338000
|
heap
|
page read and write
|
||
|
4330000
|
direct allocation
|
page read and write
|
||
|
27BE000
|
stack
|
page read and write
|
||
|
37FE000
|
stack
|
page read and write
|
||
|
5A10000
|
heap
|
page read and write
|
||
|
4980000
|
direct allocation
|
page execute and read and write
|
||
|
5493000
|
heap
|
page read and write
|
||
|
4330000
|
direct allocation
|
page read and write
|
||
|
4E8F000
|
stack
|
page read and write
|
||
|
49D0000
|
direct allocation
|
page execute and read and write
|
||
|
408F000
|
stack
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
5F1000
|
unkown
|
page execute and read and write
|
||
|
53EA000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
5338000
|
heap
|
page read and write
|
||
|
3F3F000
|
stack
|
page read and write
|
||
|
1001A000
|
direct allocation
|
page read and write
|
||
|
5493000
|
heap
|
page read and write
|
||
|
4310000
|
heap
|
page read and write
|
||
|
32BF000
|
stack
|
page read and write
|
||
|
36BE000
|
stack
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
5DBD000
|
heap
|
page read and write
|
||
|
37BF000
|
stack
|
page read and write
|
||
|
5B3B000
|
heap
|
page read and write
|
||
|
4330000
|
direct allocation
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
5338000
|
heap
|
page read and write
|
||
|
4330000
|
direct allocation
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
5987000
|
heap
|
page read and write
|
||
|
4330000
|
direct allocation
|
page read and write
|
||
|
3E3E000
|
stack
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
54F2000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
526C000
|
heap
|
page read and write
|
||
|
5B06000
|
heap
|
page read and write
|
||
|
33FF000
|
stack
|
page read and write
|
||
|
49C0000
|
direct allocation
|
page execute and read and write
|
||
|
5C61000
|
heap
|
page read and write
|
||
|
5BE3000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
5C4E000
|
heap
|
page read and write
|
||
|
5581000
|
heap
|
page read and write
|
||
|
470000
|
unkown
|
page execute and read and write
|
||
|
353F000
|
stack
|
page read and write
|
||
|
5495000
|
heap
|
page read and write
|
||
|
343E000
|
stack
|
page read and write
|
||
|
5DCB000
|
heap
|
page read and write
|
||
|
AEF000
|
stack
|
page read and write
|
||
|
54F0000
|
heap
|
page read and write
|
||
|
5493000
|
heap
|
page read and write
|
||
|
510E000
|
stack
|
page read and write
|
||
|
5338000
|
heap
|
page read and write
|
||
|
5493000
|
heap
|
page read and write
|
||
|
277F000
|
stack
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4330000
|
direct allocation
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
5A92000
|
heap
|
page read and write
|
||
|
357E000
|
stack
|
page read and write
|
||
|
531A000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
531A000
|
heap
|
page read and write
|
||
|
598F000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
5305000
|
heap
|
page read and write
|
||
|
40CE000
|
stack
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
5987000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4A10000
|
direct allocation
|
page execute and read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
526B000
|
heap
|
page read and write
|
||
|
5580000
|
heap
|
page read and write
|
||
|
5338000
|
heap
|
page read and write
|
||
|
5338000
|
heap
|
page read and write
|
||
|
2F3E000
|
stack
|
page read and write
|
||
|
4330000
|
direct allocation
|
page read and write
|
||
|
4350000
|
heap
|
page read and write
|
||
|
2DBF000
|
stack
|
page read and write
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
54DA000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
47D0000
|
direct allocation
|
page read and write
|
||
|
49E0000
|
direct allocation
|
page execute and read and write
|
||
|
28FE000
|
stack
|
page read and write
|
||
|
9EE000
|
stack
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
393E000
|
stack
|
page read and write
|
||
|
531A000
|
heap
|
page read and write
|
||
|
5980000
|
heap
|
page read and write
|
||
|
BDC000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
5C46000
|
heap
|
page read and write
|
||
|
4F8F000
|
stack
|
page read and write
|
||
|
481C000
|
stack
|
page read and write
|
||
|
50CE000
|
stack
|
page read and write
|
||
|
49F0000
|
direct allocation
|
page execute and read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
5BB6000
|
heap
|
page read and write
|
||
|
52ED000
|
heap
|
page read and write
|
||
|
4330000
|
direct allocation
|
page read and write
|
||
|
4330000
|
direct allocation
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4AB0000
|
heap
|
page read and write
|
||
|
6FD000
|
unkown
|
page execute and read and write
|
||
|
41CF000
|
stack
|
page read and write
|
||
|
5338000
|
heap
|
page read and write
|
||
|
4330000
|
direct allocation
|
page read and write
|
||
|
54F8000
|
heap
|
page read and write
|
||
|
531A000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
38FF000
|
stack
|
page read and write
|
||
|
2CBE000
|
stack
|
page read and write
|
||
|
8A7000
|
unkown
|
page execute and write copy
|
||
|
5338000
|
heap
|
page read and write
|
||
|
5988000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
5ADA000
|
heap
|
page read and write
|
||
|
5AD2000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
598F000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
47E0000
|
direct allocation
|
page read and write
|
||
|
10018000
|
direct allocation
|
page read and write
|
||
|
5581000
|
heap
|
page read and write
|
||
|
3B7F000
|
stack
|
page read and write
|
||
|
4970000
|
direct allocation
|
page execute and read and write
|
||
|
47D0000
|
direct allocation
|
page read and write
|
||
|
531A000
|
heap
|
page read and write
|
||
|
531A000
|
heap
|
page read and write
|
||
|
531A000
|
heap
|
page read and write
|
||
|
2A3E000
|
stack
|
page read and write
|
||
|
4A00000
|
direct allocation
|
page execute and read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
2537000
|
heap
|
page read and write
|
||
|
4D8F000
|
stack
|
page read and write
|
||
|
5338000
|
heap
|
page read and write
|
||
|
531A000
|
heap
|
page read and write
|
||
|
5305000
|
heap
|
page read and write
|
||
|
4342000
|
heap
|
page read and write
|
||
|
4C7E000
|
stack
|
page read and write
|
||
|
5ACD000
|
heap
|
page read and write
|
||
|
5C15000
|
heap
|
page read and write
|
||
|
480B000
|
direct allocation
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
D4F000
|
stack
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
530D000
|
heap
|
page read and write
|
||
|
5A1C000
|
heap
|
page read and write
|
||
|
10001000
|
direct allocation
|
page execute read
|
||
|
52A7000
|
heap
|
page read and write
|
||
|
5659000
|
heap
|
page read and write
|
||
|
303F000
|
stack
|
page read and write
|
||
|
5AD0000
|
heap
|
page read and write
|
||
|
5497000
|
heap
|
page read and write
|
||
|
252E000
|
stack
|
page read and write
|
||
|
3CBF000
|
stack
|
page read and write
|
||
|
5338000
|
heap
|
page read and write
|
||
|
BF1000
|
heap
|
page read and write
|
||
|
5984000
|
heap
|
page read and write
|
||
|
5338000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
466000
|
unkown
|
page write copy
|
||
|
2B3F000
|
stack
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4A7E000
|
stack
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
5495000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
2B7E000
|
stack
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
5338000
|
heap
|
page read and write
|
||
|
4930000
|
direct allocation
|
page execute and read and write
|
||
|
6F3000
|
unkown
|
page execute and read and write
|
||
|
430F000
|
stack
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4BBF000
|
stack
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
8A3000
|
unkown
|
page execute and write copy
|
||
|
4340000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
5338000
|
heap
|
page read and write
|
||
|
5ADC000
|
heap
|
page read and write
|
||
|
5A43000
|
heap
|
page read and write
|
||
|
5C50000
|
heap
|
page read and write
|
||
|
4BFE000
|
stack
|
page read and write
|
||
|
701000
|
unkown
|
page execute and write copy
|
||
|
8A2000
|
unkown
|
page execute and read and write
|
||
|
3DFF000
|
stack
|
page read and write
|
||
|
52A8000
|
heap
|
page read and write
|
||
|
4FCE000
|
stack
|
page read and write
|
||
|
5B5C000
|
heap
|
page read and write
|
||
|
3CFE000
|
stack
|
page read and write
|
||
|
5A5D000
|
heap
|
page read and write
|
||
|
4940000
|
direct allocation
|
page execute and read and write
|
||
|
BBC000
|
heap
|
page read and write
|
||
|
5C4F000
|
heap
|
page read and write
|
||
|
531A000
|
heap
|
page read and write
|
||
|
5984000
|
heap
|
page read and write
|
||
|
45F000
|
unkown
|
page execute and read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4C3E000
|
stack
|
page read and write
|
||
|
5497000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
C08000
|
heap
|
page read and write
|
||
|
531A000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
5983000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4780000
|
direct allocation
|
page execute and read and write
|
||
|
5260000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
3A7E000
|
stack
|
page read and write
|
||
|
466000
|
unkown
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
53EA000
|
heap
|
page read and write
|
||
|
8A6000
|
unkown
|
page execute and read and write
|
||
|
317F000
|
stack
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
367F000
|
stack
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
5AB5000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
5493000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
4950000
|
direct allocation
|
page execute and read and write
|
||
|
B1A000
|
heap
|
page read and write
|
||
|
2EFF000
|
stack
|
page read and write
|
||
|
2530000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
5B88000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
32FE000
|
stack
|
page read and write
|
||
|
701000
|
unkown
|
page execute and read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
5983000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4360000
|
heap
|
page read and write
|
||
|
199000
|
stack
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute and write copy
|
||
|
5A61000
|
heap
|
page read and write
|
||
|
491F000
|
stack
|
page read and write
|
||
|
4330000
|
direct allocation
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
263F000
|
stack
|
page read and write
|
||
|
5338000
|
heap
|
page read and write
|
||
|
4330000
|
direct allocation
|
page read and write
|
||
|
53EA000
|
heap
|
page read and write
|
||
|
5DB3000
|
heap
|
page read and write
|
||
|
4960000
|
direct allocation
|
page execute and read and write
|
||
|
531A000
|
heap
|
page read and write
|
||
|
3F8E000
|
stack
|
page read and write
|
||
|
5A2E000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
||
|
5DBB000
|
heap
|
page read and write
|
||
|
3BBE000
|
stack
|
page read and write
|
||
|
4990000
|
direct allocation
|
page execute and read and write
|
||
|
5AE0000
|
heap
|
page read and write
|
||
|
3F40000
|
heap
|
page read and write
|
||
|
5493000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
49A0000
|
direct allocation
|
page execute and read and write
|
||
|
5AB9000
|
heap
|
page read and write
|
||
|
5338000
|
heap
|
page read and write
|
||
|
5493000
|
heap
|
page read and write
|
||
|
4341000
|
heap
|
page read and write
|
||
|
2DFE000
|
stack
|
page read and write
|
||
|
702000
|
unkown
|
page execute and write copy
|
||
|
10011000
|
direct allocation
|
page readonly
|
||
|
4341000
|
heap
|
page read and write
|
||
|
531A000
|
heap
|
page read and write
|
||
|
52ED000
|
heap
|
page read and write
|
There are 325 hidden memdumps, click here to show them.