IOC Report
ZJGkxGuyIT.exe

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| ZJGkxGuyIT.dll | PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows | initial sample | malicious |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_regsvr32.exe_535451c67ed13a7d61656632ce4c87290bfb9a_e29f7403_f08926e4-7646-4698-b05e-04c478fb93ab\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_ZJG_21de29d3d03af62e3c347fc53eb90afbeb77c51_8423aa97_ca914613-ecdc-4770-9312-bb71d7b1943e\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER460A.tmp.dmp | Mini DuMP crash report, 14 streams, Sat Oct 26 03:36:01 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER4658.tmp.dmp | Mini DuMP crash report, 14 streams, Sat Oct 26 03:36:01 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER46F6.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER4725.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER4783.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER4801.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Windows\System32\loaddll64.exe | loaddll64.exe "C:\Users\user\Desktop\ZJGkxGuyIT.dll" | malicious |
| C:\Windows\System32\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\ZJGkxGuyIT.dll",#1 | malicious |
| C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\ZJGkxGuyIT.dll,DllInstall | malicious |
| C:\Windows\System32\rundll32.exe | C:\Windows\system32\rundll32.exe C:\Users\user\Desktop\C:\Users\user\Desktop\ZJGkxGuyIT.dll,DllInstall 2580 | malicious |
| C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\ZJGkxGuyIT.dll,DllRegisterServer | malicious |
| C:\Windows\System32\rundll32.exe | C:\Windows\system32\rundll32.exe C:\Users\user\Desktop\C:\Users\user\Desktop\ZJGkxGuyIT.dll,DllRegisterServer 6976 | malicious |
| C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\ZJGkxGuyIT.dll,DllUnregisterServer | malicious |
| C:\Windows\System32\rundll32.exe | C:\Windows\system32\rundll32.exe C:\Users\user\Desktop\C:\Users\user\Desktop\ZJGkxGuyIT.dll,DllUnregisterServer 6220 | malicious |
| C:\Windows\System32\loaddll64.exe | C:\Windows\system32\loaddll64.exe C:\Users\user\Desktop\C:\Users\user\Desktop\ZJGkxGuyIT.dll 6296 | malicious |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\ZJGkxGuyIT.dll",#1 | |
| C:\Windows\System32\regsvr32.exe | regsvr32.exe /i /s C:\Users\user\Desktop\ZJGkxGuyIT.dll | |
| C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 6720 -s 452 | |
| C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 6772 -s 400 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| http://upx.sf.net | unknown | |

Registry

Path: \REGISTRY\A\{0765d45c-06d8-381f-e0bb-26a7b8df8b13}\Root\InventoryApplicationFile\regsvr32.exe|20eb212352f3412a
Values: ProgramId, FileId, LowerCaseLongPath, LongPathHash, Name, OriginalFileName, Publisher, Version, BinFileVersion, BinaryType, ProductName, ProductVersion, LinkDate, BinProductVersion, AppxPackageFullName, AppxPackageRelativeId, Size, Language, IsOsComponent, Usn
Malicious: (blank)

Path: \REGISTRY\A\{0765d45c-06d8-381f-e0bb-26a7b8df8b13}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
Values: ProgramId, FileId, LowerCaseLongPath, LongPathHash, Name, OriginalFileName, Publisher, Version, BinFileVersion, BinaryType, ProductName, ProductVersion, LinkDate, BinProductVersion, AppxPackageFullName, AppxPackageRelativeId, Size, Language, IsOsComponent, Usn
Malicious: (blank)

Memdumps
