Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_fafd47531ab6d510499988ddace487f076f293_c8b7b6aa_054ca832-4da3-4a14-8550-eae3a2a1cc01\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1]
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\soft[1]
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\eJeEe574sR26w1rs\Bunifu_UI_v1.5.3.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\eJeEe574sR26w1rs\Y-Cleaner.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBC34.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Dec 10 03:49:47 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBD00.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBD30.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\add[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\download[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\fuckingdllENCR[1].dll
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\download[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\key[1].htm
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\Cleaner.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon
number=0, Archive, ctime=Tue Dec 10 02:49:46 2024, mtime=Tue Dec 10 02:49:46 2024, atime=Tue Dec 10 02:49:46 2024, length=1502720,
window=hide
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 576
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://80.82.65.70/soft/download
|
80.82.65.70
|
||
|
http://80.82.65.70/soft/downloadws
|
unknown
|
||
|
http://80.82.65.70/files/download.
|
unknown
|
||
|
http://80.82.65.70/files/downloadSs9
|
unknown
|
||
|
http://80.82.65.70/files/download2
|
unknown
|
||
|
http://80.82.65.70/dll/key5
|
unknown
|
||
|
http://80.82.65.70/dll/keyU
|
unknown
|
||
|
http://80.82.65.70/add?substr=mixtwo&s=three&sub=empB
|
unknown
|
||
|
https://g-cleanit.hk
|
unknown
|
||
|
http://80.82.65.70/add?substr=mixtwo&s=three&sub=emp
|
80.82.65.70
|
||
|
http://80.82.65.70/dll/download
|
80.82.65.70
|
||
|
http://80.82.65.70/files/downloadGs-
|
unknown
|
||
|
http://80.82.65.70/files/downloadws
|
unknown
|
||
|
http://80.82.65.70/dll/downloadv5
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://80.82.65.70/dll/key
|
80.82.65.70
|
||
|
http://80.82.65.70/soft/downloadSs9
|
unknown
|
||
|
http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174
|
unknown
|
||
|
https://iplogger.org/1Pz8p7
|
unknown
|
||
|
http://80.82.65.70/files/downloadMsW
|
unknown
|
||
|
http://80.82.65.70/files/download
|
80.82.65.70
|
There are 11 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
80.82.65.70
|
unknown
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{31489564-7aa9-bcbe-497f-b09b6d3e8f32}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
ProgramId
|
|
|
|
\REGISTRY\A\{31489564-7aa9-bcbe-497f-b09b6d3e8f32}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
FileId
|
|
|
|
\REGISTRY\A\{31489564-7aa9-bcbe-497f-b09b6d3e8f32}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
LowerCaseLongPath
|
|
|
|
\REGISTRY\A\{31489564-7aa9-bcbe-497f-b09b6d3e8f32}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
LongPathHash
|
|
|
|
\REGISTRY\A\{31489564-7aa9-bcbe-497f-b09b6d3e8f32}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Name
|
|
|
|
\REGISTRY\A\{31489564-7aa9-bcbe-497f-b09b6d3e8f32}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
OriginalFileName
|
|
|
|
\REGISTRY\A\{31489564-7aa9-bcbe-497f-b09b6d3e8f32}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Publisher
|
|
|
|
\REGISTRY\A\{31489564-7aa9-bcbe-497f-b09b6d3e8f32}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Version
|
|
|
|
\REGISTRY\A\{31489564-7aa9-bcbe-497f-b09b6d3e8f32}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
BinFileVersion
|
|
|
|
\REGISTRY\A\{31489564-7aa9-bcbe-497f-b09b6d3e8f32}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
BinaryType
|
|
|
|
\REGISTRY\A\{31489564-7aa9-bcbe-497f-b09b6d3e8f32}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
ProductName
|
|
|
|
\REGISTRY\A\{31489564-7aa9-bcbe-497f-b09b6d3e8f32}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
ProductVersion
|
|
|
|
\REGISTRY\A\{31489564-7aa9-bcbe-497f-b09b6d3e8f32}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
LinkDate
|
|
|
|
\REGISTRY\A\{31489564-7aa9-bcbe-497f-b09b6d3e8f32}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
BinProductVersion
|
|
|
|
\REGISTRY\A\{31489564-7aa9-bcbe-497f-b09b6d3e8f32}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
AppxPackageFullName
|
|
|
|
\REGISTRY\A\{31489564-7aa9-bcbe-497f-b09b6d3e8f32}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
AppxPackageRelativeId
|
|
|
|
\REGISTRY\A\{31489564-7aa9-bcbe-497f-b09b6d3e8f32}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Size
|
|
|
|
\REGISTRY\A\{31489564-7aa9-bcbe-497f-b09b6d3e8f32}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Language
|
|
|
|
\REGISTRY\A\{31489564-7aa9-bcbe-497f-b09b6d3e8f32}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Usn
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
596E000
|
heap
|
page read and write
|
||
|
340F000
|
stack
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
2B8F000
|
stack
|
page read and write
|
||
|
354F000
|
stack
|
page read and write
|
||
|
5FA5000
|
heap
|
page read and write
|
||
|
C76000
|
unkown
|
page execute and write copy
|
||
|
2A8D000
|
heap
|
page read and write
|
||
|
28FE000
|
stack
|
page read and write
|
||
|
ECA000
|
heap
|
page read and write
|
||
|
3A4F000
|
stack
|
page read and write
|
||
|
6109000
|
heap
|
page read and write
|
||
|
596C000
|
heap
|
page read and write
|
||
|
5831000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4B50000
|
direct allocation
|
page execute and read and write
|
||
|
380E000
|
stack
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
59DF000
|
heap
|
page read and write
|
||
|
3CCF000
|
stack
|
page read and write
|
||
|
5F18000
|
heap
|
page read and write
|
||
|
5A41000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
46E0000
|
heap
|
page read and write
|
||
|
4E4E000
|
stack
|
page read and write
|
||
|
570E000
|
stack
|
page read and write
|
||
|
596C000
|
heap
|
page read and write
|
||
|
4BA0000
|
direct allocation
|
page read and write
|
||
|
6292000
|
heap
|
page read and write
|
||
|
2F0F000
|
stack
|
page read and write
|
||
|
5E4B000
|
heap
|
page read and write
|
||
|
3B8F000
|
stack
|
page read and write
|
||
|
C6A000
|
unkown
|
page execute and write copy
|
||
|
56CD000
|
heap
|
page read and write
|
||
|
4F00000
|
heap
|
page read and write
|
||
|
500F000
|
stack
|
page read and write
|
||
|
5F9B000
|
heap
|
page read and write
|
||
|
56C5000
|
heap
|
page read and write
|
||
|
548E000
|
stack
|
page read and write
|
||
|
4710000
|
heap
|
page read and write
|
||
|
ECE000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
449E000
|
stack
|
page read and write
|
||
|
58D9000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
80E000
|
unkown
|
page write copy
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4BAE000
|
direct allocation
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
4714000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
31CE000
|
stack
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4BD3000
|
direct allocation
|
page read and write
|
||
|
FA7000
|
heap
|
page read and write
|
||
|
4CFF000
|
stack
|
page read and write
|
||
|
5E4C000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute and write copy
|
||
|
4D50000
|
direct allocation
|
page execute and read and write
|
||
|
59B2000
|
heap
|
page read and write
|
||
|
2F4E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page execute and read and write
|
||
|
4D80000
|
direct allocation
|
page execute and read and write
|
||
|
62A0000
|
heap
|
page read and write
|
||
|
435E000
|
stack
|
page read and write
|
||
|
394E000
|
stack
|
page read and write
|
||
|
459F000
|
stack
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
390F000
|
stack
|
page read and write
|
||
|
AC2000
|
unkown
|
page execute and write copy
|
||
|
4711000
|
heap
|
page read and write
|
||
|
2DCF000
|
stack
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
596E000
|
heap
|
page read and write
|
||
|
9AE000
|
unkown
|
page execute and read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
6019000
|
heap
|
page read and write
|
||
|
60DE000
|
heap
|
page read and write
|
||
|
596C000
|
heap
|
page read and write
|
||
|
4D20000
|
direct allocation
|
page execute and read and write
|
||
|
58AA000
|
heap
|
page read and write
|
||
|
60F8000
|
heap
|
page read and write
|
||
|
822000
|
unkown
|
page execute and read and write
|
||
|
6092000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
58AA000
|
heap
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
6290000
|
heap
|
page read and write
|
||
|
4D40000
|
direct allocation
|
page execute and read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4BA0000
|
direct allocation
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
58D9000
|
heap
|
page read and write
|
||
|
318F000
|
stack
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
58AA000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
5E4D000
|
heap
|
page read and write
|
||
|
4ED0000
|
heap
|
page read and write
|
||
|
596C000
|
heap
|
page read and write
|
||
|
4D90000
|
direct allocation
|
page execute and read and write
|
||
|
580F000
|
stack
|
page read and write
|
||
|
5E40000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
596F000
|
heap
|
page read and write
|
||
|
596C000
|
heap
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
596C000
|
heap
|
page read and write
|
||
|
4310000
|
heap
|
page read and write
|
||
|
586D000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
5F9D000
|
heap
|
page read and write
|
||
|
5FE9000
|
heap
|
page read and write
|
||
|
330E000
|
stack
|
page read and write
|
||
|
5FA7000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
6113000
|
heap
|
page read and write
|
||
|
4D40000
|
direct allocation
|
page execute and read and write
|
||
|
6111000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
46DF000
|
stack
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
596C000
|
heap
|
page read and write
|
||
|
4D60000
|
direct allocation
|
page execute and read and write
|
||
|
4D70000
|
direct allocation
|
page execute and read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
510F000
|
stack
|
page read and write
|
||
|
596C000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
5E4C000
|
heap
|
page read and write
|
||
|
3E0F000
|
stack
|
page read and write
|
||
|
56C5000
|
heap
|
page read and write
|
||
|
AC1000
|
unkown
|
page execute and write copy
|
||
|
624A000
|
heap
|
page read and write
|
||
|
1001A000
|
direct allocation
|
page read and write
|
||
|
56CD000
|
heap
|
page read and write
|
||
|
420E000
|
stack
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
5672000
|
heap
|
page read and write
|
||
|
4730000
|
heap
|
page read and write
|
||
|
41CF000
|
stack
|
page read and write
|
||
|
445F000
|
stack
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
5EF7000
|
heap
|
page read and write
|
||
|
36CE000
|
stack
|
page read and write
|
||
|
3E4E000
|
stack
|
page read and write
|
||
|
5E4A000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
5F81000
|
heap
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
2A7E000
|
stack
|
page read and write
|
||
|
586C000
|
heap
|
page read and write
|
||
|
308E000
|
stack
|
page read and write
|
||
|
FFE000
|
stack
|
page read and write
|
||
|
5A41000
|
heap
|
page read and write
|
||
|
C75000
|
unkown
|
page execute and read and write
|
||
|
6288000
|
heap
|
page read and write
|
||
|
5F6E000
|
heap
|
page read and write
|
||
|
40CE000
|
stack
|
page read and write
|
||
|
F89000
|
heap
|
page read and write
|
||
|
58D9000
|
heap
|
page read and write
|
||
|
EDF000
|
heap
|
page read and write
|
||
|
344E000
|
stack
|
page read and write
|
||
|
58D9000
|
heap
|
page read and write
|
||
|
432000
|
unkown
|
page execute and read and write
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
5FB2000
|
heap
|
page read and write
|
||
|
6136000
|
heap
|
page read and write
|
||
|
5672000
|
heap
|
page read and write
|
||
|
596C000
|
heap
|
page read and write
|
||
|
538E000
|
stack
|
page read and write
|
||
|
4BD1000
|
direct allocation
|
page read and write
|
||
|
EBF000
|
stack
|
page read and write
|
||
|
5672000
|
heap
|
page read and write
|
||
|
FBC000
|
heap
|
page read and write
|
||
|
5F2A000
|
heap
|
page read and write
|
||
|
5673000
|
heap
|
page read and write
|
||
|
58AA000
|
heap
|
page read and write
|
||
|
358E000
|
stack
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
55CB000
|
stack
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
5F4A000
|
heap
|
page read and write
|
||
|
434000
|
unkown
|
page execute and read and write
|
||
|
5E44000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
56A7000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4D30000
|
direct allocation
|
page execute and read and write
|
||
|
55E8000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4810000
|
trusted library allocation
|
page read and write
|
||
|
58AA000
|
heap
|
page read and write
|
||
|
2A3C000
|
stack
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
596C000
|
heap
|
page read and write
|
||
|
520F000
|
stack
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
EE8000
|
heap
|
page read and write
|
||
|
4BFC000
|
stack
|
page read and write
|
||
|
5F42000
|
heap
|
page read and write
|
||
|
596F000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
2E0E000
|
stack
|
page read and write
|
||
|
3F4F000
|
stack
|
page read and write
|
||
|
5E43000
|
heap
|
page read and write
|
||
|
4DB0000
|
direct allocation
|
page execute and read and write
|
||
|
10FF000
|
stack
|
page read and write
|
||
|
EEC000
|
heap
|
page execute and read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
DB5000
|
heap
|
page read and write
|
||
|
59C8000
|
heap
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
5EF0000
|
heap
|
page read and write
|
||
|
54CE000
|
stack
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4DC0000
|
direct allocation
|
page execute and read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
5FB7000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
5E47000
|
heap
|
page read and write
|
||
|
EE6000
|
heap
|
page read and write
|
||
|
6050000
|
heap
|
page read and write
|
||
|
596C000
|
heap
|
page read and write
|
||
|
C69000
|
unkown
|
page execute and read and write
|
||
|
AC1000
|
unkown
|
page execute and read and write
|
||
|
4E8E000
|
stack
|
page read and write
|
||
|
5F6D000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
32CF000
|
stack
|
page read and write
|
||
|
199000
|
stack
|
page read and write
|
||
|
4720000
|
heap
|
page read and write
|
||
|
4D10000
|
direct allocation
|
page execute and read and write
|
||
|
80E000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2C8F000
|
stack
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
368F000
|
stack
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
DAE000
|
stack
|
page read and write
|
||
|
5E42000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
534F000
|
stack
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
4BA0000
|
direct allocation
|
page read and write
|
||
|
5A40000
|
heap
|
page read and write
|
||
|
2A87000
|
heap
|
page read and write
|
||
|
10011000
|
direct allocation
|
page readonly
|
||
|
55DF000
|
heap
|
page read and write
|
||
|
3BCE000
|
stack
|
page read and write
|
||
|
3F8E000
|
stack
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
56A7000
|
heap
|
page read and write
|
||
|
596C000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
524E000
|
stack
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
5692000
|
heap
|
page read and write
|
||
|
56C6000
|
heap
|
page read and write
|
||
|
4D10000
|
direct allocation
|
page read and write
|
||
|
2CCE000
|
stack
|
page read and write
|
||
|
4DA0000
|
direct allocation
|
page execute and read and write
|
||
|
596F000
|
heap
|
page read and write
|
||
|
4BA0000
|
direct allocation
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
3D0E000
|
stack
|
page read and write
|
||
|
5F8F000
|
heap
|
page read and write
|
||
|
55D0000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
5E43000
|
heap
|
page read and write
|
||
|
F09000
|
heap
|
page read and write
|
||
|
56C5000
|
heap
|
page read and write
|
||
|
5692000
|
heap
|
page read and write
|
||
|
567A000
|
heap
|
page read and write
|
||
|
304F000
|
stack
|
page read and write
|
||
|
5A41000
|
heap
|
page read and write
|
||
|
AB2000
|
unkown
|
page execute and read and write
|
||
|
58D9000
|
heap
|
page read and write
|
||
|
596C000
|
heap
|
page read and write
|
||
|
430F000
|
stack
|
page read and write
|
||
|
10001000
|
direct allocation
|
page execute read
|
||
|
37CF000
|
stack
|
page read and write
|
||
|
3A8E000
|
stack
|
page read and write
|
||
|
5ED6000
|
heap
|
page read and write
|
||
|
4D40000
|
direct allocation
|
page execute and read and write
|
||
|
408F000
|
stack
|
page read and write
|
||
|
10018000
|
direct allocation
|
page read and write
|
||
|
5830000
|
heap
|
page read and write
|
||
|
5EFF000
|
heap
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
45DE000
|
stack
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
4E0E000
|
stack
|
page read and write
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
5E45000
|
heap
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
There are 320 hidden memdumps, click here to show them.