Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
GVV.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\silvexes\deblaterate.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\deblaterate.vbs
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_5693d0d813f2531fe5aa358b2e8db4971ac2bbc_ce844639_4f98f805-979e-40ac-b848-95ff23acc2eb\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_af2772e4ab08333cacfef31df4e86d06a6d18a1_ce844639_5511f13d-c1c7-48e1-aaed-66db8b4a8302\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCA26.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu May 2 13:09:58 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCB8E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCBAF.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREBD7.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu May 2 13:10:06 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERECB3.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERECD3.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut867.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut8C6.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autBD74.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autBDD3.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autEA6E.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autEACD.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\disturb
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\proximobuccal
|
ASCII text, with very long lines (29744), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\logs.dat
|
data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 12 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\GVV.exe
|
"C:\Users\user\Desktop\GVV.exe"
|
|
|
|
C:\Users\user\AppData\Local\silvexes\deblaterate.exe
|
"C:\Users\user\Desktop\GVV.exe"
|
|
|
|
C:\Windows\SysWOW64\svchost.exe
|
"C:\Users\user\Desktop\GVV.exe"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\deblaterate.vbs"
|
|
|
|
C:\Users\user\AppData\Local\silvexes\deblaterate.exe
|
"C:\Users\user\AppData\Local\silvexes\deblaterate.exe"
|
|
|
|
C:\Windows\SysWOW64\svchost.exe
|
"C:\Users\user\AppData\Local\silvexes\deblaterate.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 1456
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 1456
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
|
|
|
yuahdgbceja.sytes.net
|
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
|
|
|
http://geoplugin.net/json.gpal
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://geoplugin.net/json.gpSystem32
|
unknown
|
||
|
http://geoplugin.net/json.gpll
|
unknown
|
||
|
http://geoplugin.net/json.gpD6
|
unknown
|
||
|
http://geoplugin.net/json.gp~
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
yuahdgbceja.sytes.net
|
23.94.53.100
|
|
|
|
geoplugin.net
|
178.237.33.50
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
23.94.53.100
|
yuahdgbceja.sytes.net
|
United States
|
|
|
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-E70NOS
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-E70NOS
|
licence
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-E70NOS
|
time
|
|
|
|
\REGISTRY\A\{7fc31948-b229-8674-309c-e8b3c75edb09}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
ProgramId
|
||
|
\REGISTRY\A\{7fc31948-b229-8674-309c-e8b3c75edb09}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
FileId
|
||
|
\REGISTRY\A\{7fc31948-b229-8674-309c-e8b3c75edb09}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{7fc31948-b229-8674-309c-e8b3c75edb09}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
LongPathHash
|
||
|
\REGISTRY\A\{7fc31948-b229-8674-309c-e8b3c75edb09}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
Name
|
||
|
\REGISTRY\A\{7fc31948-b229-8674-309c-e8b3c75edb09}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
OriginalFileName
|
||
|
\REGISTRY\A\{7fc31948-b229-8674-309c-e8b3c75edb09}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
Publisher
|
||
|
\REGISTRY\A\{7fc31948-b229-8674-309c-e8b3c75edb09}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
Version
|
||
|
\REGISTRY\A\{7fc31948-b229-8674-309c-e8b3c75edb09}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
BinFileVersion
|
||
|
\REGISTRY\A\{7fc31948-b229-8674-309c-e8b3c75edb09}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
BinaryType
|
||
|
\REGISTRY\A\{7fc31948-b229-8674-309c-e8b3c75edb09}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
ProductName
|
||
|
\REGISTRY\A\{7fc31948-b229-8674-309c-e8b3c75edb09}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
ProductVersion
|
||
|
\REGISTRY\A\{7fc31948-b229-8674-309c-e8b3c75edb09}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
LinkDate
|
||
|
\REGISTRY\A\{7fc31948-b229-8674-309c-e8b3c75edb09}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
BinProductVersion
|
||
|
\REGISTRY\A\{7fc31948-b229-8674-309c-e8b3c75edb09}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{7fc31948-b229-8674-309c-e8b3c75edb09}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{7fc31948-b229-8674-309c-e8b3c75edb09}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
Size
|
||
|
\REGISTRY\A\{7fc31948-b229-8674-309c-e8b3c75edb09}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
Language
|
||
|
\REGISTRY\A\{7fc31948-b229-8674-309c-e8b3c75edb09}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
IsOsComponent
|
||
|
\REGISTRY\A\{7fc31948-b229-8674-309c-e8b3c75edb09}\Root\InventoryApplicationFile\svchost.exe|1260c7b0519b1406
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 19 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4000000
|
direct allocation
|
page read and write
|
|
|
|
3E00000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
43BE000
|
direct allocation
|
page read and write
|
||
|
191F000
|
heap
|
page read and write
|
||
|
1862000
|
heap
|
page read and write
|
||
|
3F10000
|
direct allocation
|
page read and write
|
||
|
43DD000
|
direct allocation
|
page read and write
|
||
|
41DD000
|
direct allocation
|
page read and write
|
||
|
17D2000
|
heap
|
page read and write
|
||
|
F5C000
|
heap
|
page read and write
|
||
|
192E000
|
heap
|
page read and write
|
||
|
110000
|
unkown
|
page readonly
|
||
|
41D9000
|
direct allocation
|
page read and write
|
||
|
41DD000
|
direct allocation
|
page read and write
|
||
|
2A02000
|
heap
|
page read and write
|
||
|
1E7162A4000
|
heap
|
page read and write
|
||
|
3E80000
|
direct allocation
|
page read and write
|
||
|
125E000
|
stack
|
page read and write
|
||
|
1AC000
|
unkown
|
page readonly
|
||
|
2C31000
|
heap
|
page read and write
|
||
|
50C000
|
unkown
|
page readonly
|
||
|
17EA000
|
heap
|
page read and write
|
||
|
2E4C000
|
heap
|
page read and write
|
||
|
17A0000
|
heap
|
page read and write
|
||
|
EB3000
|
heap
|
page read and write
|
||
|
1930000
|
heap
|
page read and write
|
||
|
1780000
|
direct allocation
|
page execute and read and write
|
||
|
17BC000
|
heap
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
E02000
|
heap
|
page read and write
|
||
|
E93000
|
heap
|
page read and write
|
||
|
2780000
|
heap
|
page read and write
|
||
|
444E000
|
direct allocation
|
page read and write
|
||
|
DE9000
|
heap
|
page read and write
|
||
|
2E59000
|
heap
|
page read and write
|
||
|
185B000
|
heap
|
page read and write
|
||
|
40B0000
|
direct allocation
|
page read and write
|
||
|
B99CDFF000
|
stack
|
page read and write
|
||
|
2C8F000
|
heap
|
page read and write
|
||
|
2BEE000
|
stack
|
page read and write
|
||
|
1663000
|
heap
|
page read and write
|
||
|
4E3E000
|
stack
|
page read and write
|
||
|
4080000
|
direct allocation
|
page read and write
|
||
|
532000
|
unkown
|
page readonly
|
||
|
16BE000
|
stack
|
page read and write
|
||
|
184C000
|
heap
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
111000
|
unkown
|
page execute read
|
||
|
38B0000
|
heap
|
page read and write
|
||
|
17DD000
|
heap
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
444E000
|
direct allocation
|
page read and write
|
||
|
471000
|
unkown
|
page execute read
|
||
|
414D000
|
direct allocation
|
page read and write
|
||
|
1630000
|
heap
|
page read and write
|
||
|
4033000
|
direct allocation
|
page read and write
|
||
|
424E000
|
direct allocation
|
page read and write
|
||
|
1F9F000
|
stack
|
page read and write
|
||
|
1E716252000
|
heap
|
page read and write
|
||
|
B99D3FD000
|
stack
|
page read and write
|
||
|
2BAE000
|
stack
|
page read and write
|
||
|
434D000
|
direct allocation
|
page read and write
|
||
|
470000
|
unkown
|
page readonly
|
||
|
2E59000
|
heap
|
page read and write
|
||
|
49A0000
|
heap
|
page read and write
|
||
|
16DA000
|
heap
|
page read and write
|
||
|
B99D6FB000
|
stack
|
page read and write
|
||
|
4EAF000
|
stack
|
page read and write
|
||
|
1E716080000
|
heap
|
page read and write
|
||
|
3FA3000
|
direct allocation
|
page read and write
|
||
|
1950000
|
heap
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
1560000
|
heap
|
page read and write
|
||
|
166C000
|
heap
|
page read and write
|
||
|
41A3000
|
direct allocation
|
page read and write
|
||
|
53FD000
|
stack
|
page read and write
|
||
|
F7F000
|
heap
|
page read and write
|
||
|
1638000
|
heap
|
page read and write
|
||
|
532000
|
unkown
|
page readonly
|
||
|
43DD000
|
direct allocation
|
page read and write
|
||
|
2A30000
|
heap
|
page read and write
|
||
|
1864000
|
heap
|
page read and write
|
||
|
5B9B000
|
stack
|
page read and write
|
||
|
17DD000
|
heap
|
page read and write
|
||
|
31FF000
|
stack
|
page read and write
|
||
|
17AD000
|
heap
|
page read and write
|
||
|
15C0000
|
heap
|
page read and write
|
||
|
1713000
|
heap
|
page read and write
|
||
|
1770000
|
heap
|
page read and write
|
||
|
470000
|
unkown
|
page readonly
|
||
|
43BE000
|
direct allocation
|
page read and write
|
||
|
470000
|
unkown
|
page readonly
|
||
|
5E8C000
|
heap
|
page read and write
|
||
|
3360000
|
direct allocation
|
page read and write
|
||
|
3F10000
|
direct allocation
|
page read and write
|
||
|
38B4000
|
heap
|
page read and write
|
||
|
15CF000
|
stack
|
page read and write
|
||
|
B99C9CA000
|
stack
|
page read and write
|
||
|
478000
|
system
|
page execute and read and write
|
||
|
41DD000
|
direct allocation
|
page read and write
|
||
|
2C4C000
|
heap
|
page read and write
|
||
|
F6E000
|
heap
|
page read and write
|
||
|
48F0000
|
heap
|
page read and write
|
||
|
179E000
|
heap
|
page read and write
|
||
|
41A3000
|
direct allocation
|
page read and write
|
||
|
17DC000
|
heap
|
page read and write
|
||
|
E7C000
|
heap
|
page read and write
|
||
|
471000
|
unkown
|
page execute read
|
||
|
4233000
|
direct allocation
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
4349000
|
direct allocation
|
page read and write
|
||
|
17D2000
|
heap
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
4349000
|
direct allocation
|
page read and write
|
||
|
571F000
|
stack
|
page read and write
|
||
|
1AC0000
|
heap
|
page read and write
|
||
|
1A80000
|
direct allocation
|
page execute and read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
4149000
|
direct allocation
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
4233000
|
direct allocation
|
page read and write
|
||
|
41A3000
|
direct allocation
|
page read and write
|
||
|
4F3F000
|
stack
|
page read and write
|
||
|
1AC000
|
unkown
|
page readonly
|
||
|
17AE000
|
heap
|
page read and write
|
||
|
2C02000
|
heap
|
page read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
2E12000
|
heap
|
page read and write
|
||
|
1E0000
|
unkown
|
page write copy
|
||
|
4110000
|
direct allocation
|
page read and write
|
||
|
15BF000
|
stack
|
page read and write
|
||
|
4CBF000
|
stack
|
page read and write
|
||
|
F53000
|
heap
|
page read and write
|
||
|
2C7D000
|
heap
|
page read and write
|
||
|
1662000
|
heap
|
page read and write
|
||
|
544000
|
unkown
|
page readonly
|
||
|
1883000
|
heap
|
page read and write
|
||
|
17DD000
|
heap
|
page read and write
|
||
|
5E00000
|
heap
|
page read and write
|
||
|
575D000
|
stack
|
page read and write
|
||
|
41BE000
|
direct allocation
|
page read and write
|
||
|
414D000
|
direct allocation
|
page read and write
|
||
|
17B8000
|
heap
|
page read and write
|
||
|
166C000
|
heap
|
page read and write
|
||
|
4C6C000
|
stack
|
page read and write
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
B99D4FE000
|
stack
|
page read and write
|
||
|
4110000
|
direct allocation
|
page read and write
|
||
|
1570000
|
direct allocation
|
page execute and read and write
|
||
|
493E000
|
stack
|
page read and write
|
||
|
2F01000
|
heap
|
page read and write
|
||
|
16EA000
|
heap
|
page read and write
|
||
|
1E717CD0000
|
heap
|
page read and write
|
||
|
1E71641E000
|
heap
|
page read and write
|
||
|
F4F000
|
heap
|
page read and write
|
||
|
5A5F000
|
stack
|
page read and write
|
||
|
43D9000
|
direct allocation
|
page read and write
|
||
|
2D01000
|
heap
|
page read and write
|
||
|
15FF000
|
stack
|
page read and write
|
||
|
4233000
|
direct allocation
|
page read and write
|
||
|
1E716180000
|
heap
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
17AD000
|
heap
|
page read and write
|
||
|
9C6E000
|
direct allocation
|
page read and write
|
||
|
E8B000
|
heap
|
page read and write
|
||
|
314E000
|
stack
|
page read and write
|
||
|
55DF000
|
stack
|
page read and write
|
||
|
E0B000
|
heap
|
page read and write
|
||
|
124E000
|
stack
|
page read and write
|
||
|
2C65000
|
heap
|
page read and write
|
||
|
2E4C000
|
heap
|
page read and write
|
||
|
BBF000
|
stack
|
page read and write
|
||
|
386E000
|
direct allocation
|
page read and write
|
||
|
49EE000
|
stack
|
page read and write
|
||
|
5A9E000
|
stack
|
page read and write
|
||
|
585E000
|
stack
|
page read and write
|
||
|
42B0000
|
direct allocation
|
page read and write
|
||
|
3E80000
|
direct allocation
|
page read and write
|
||
|
E94000
|
heap
|
page read and write
|
||
|
E93000
|
heap
|
page read and write
|
||
|
17BD000
|
heap
|
page read and write
|
||
|
E04000
|
heap
|
page read and write
|
||
|
50C000
|
unkown
|
page readonly
|
||
|
474000
|
system
|
page execute and read and write
|
||
|
16F3000
|
heap
|
page read and write
|
||
|
1D2000
|
unkown
|
page readonly
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
126C000
|
stack
|
page read and write
|
||
|
4080000
|
direct allocation
|
page read and write
|
||
|
F6C000
|
heap
|
page read and write
|
||
|
1E2F000
|
stack
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
30FE000
|
stack
|
page read and write
|
||
|
4220000
|
direct allocation
|
page read and write
|
||
|
4C6E000
|
direct allocation
|
page read and write
|
||
|
18F4000
|
heap
|
page read and write
|
||
|
1910000
|
heap
|
page read and write
|
||
|
444E000
|
direct allocation
|
page read and write
|
||
|
2C8F000
|
heap
|
page read and write
|
||
|
27E0000
|
heap
|
page readonly
|
||
|
1940000
|
heap
|
page read and write
|
||
|
3FA3000
|
direct allocation
|
page read and write
|
||
|
556E000
|
stack
|
page read and write
|
||
|
191F000
|
heap
|
page read and write
|
||
|
16F3000
|
heap
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
2F0E000
|
stack
|
page read and write
|
||
|
5E7A000
|
heap
|
page read and write
|
||
|
926E000
|
direct allocation
|
page read and write
|
||
|
E0C000
|
heap
|
page read and write
|
||
|
1E4000
|
unkown
|
page readonly
|
||
|
3454000
|
heap
|
page read and write
|
||
|
4080000
|
direct allocation
|
page read and write
|
||
|
532000
|
unkown
|
page readonly
|
||
|
4220000
|
direct allocation
|
page read and write
|
||
|
270C000
|
stack
|
page read and write
|
||
|
16F3000
|
heap
|
page read and write
|
||
|
15DC000
|
stack
|
page read and write
|
||
|
110000
|
unkown
|
page readonly
|
||
|
57ED000
|
stack
|
page read and write
|
||
|
16F3000
|
heap
|
page read and write
|
||
|
43D9000
|
direct allocation
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
EB9000
|
stack
|
page read and write
|
||
|
4020000
|
direct allocation
|
page read and write
|
||
|
B99D1FF000
|
stack
|
page read and write
|
||
|
424E000
|
direct allocation
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
6A6E000
|
direct allocation
|
page read and write
|
||
|
4FEF000
|
stack
|
page read and write
|
||
|
15EF000
|
stack
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
27FB000
|
stack
|
page read and write
|
||
|
53C000
|
unkown
|
page read and write
|
||
|
37A0000
|
direct allocation
|
page read and write
|
||
|
53C000
|
unkown
|
page write copy
|
||
|
17DB000
|
heap
|
page read and write
|
||
|
17DD000
|
heap
|
page read and write
|
||
|
544000
|
unkown
|
page readonly
|
||
|
1664000
|
heap
|
page read and write
|
||
|
17ED000
|
heap
|
page read and write
|
||
|
42B0000
|
direct allocation
|
page read and write
|
||
|
1D2000
|
unkown
|
page readonly
|
||
|
BDC000
|
stack
|
page read and write
|
||
|
40B0000
|
direct allocation
|
page read and write
|
||
|
1DC000
|
unkown
|
page read and write
|
||
|
540000
|
unkown
|
page write copy
|
||
|
17AE000
|
heap
|
page read and write
|
||
|
1E716410000
|
heap
|
page read and write
|
||
|
193D000
|
heap
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
E89000
|
stack
|
page read and write
|
||
|
4349000
|
direct allocation
|
page read and write
|
||
|
7E6E000
|
direct allocation
|
page read and write
|
||
|
17CD000
|
heap
|
page read and write
|
||
|
886E000
|
direct allocation
|
page read and write
|
||
|
2E54000
|
heap
|
page read and write
|
||
|
E0C000
|
heap
|
page read and write
|
||
|
1940000
|
heap
|
page read and write
|
||
|
43BE000
|
direct allocation
|
page read and write
|
||
|
532000
|
unkown
|
page readonly
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
1DC000
|
unkown
|
page write copy
|
||
|
1A70000
|
heap
|
page read and write
|
||
|
2E54000
|
heap
|
page read and write
|
||
|
1E716240000
|
heap
|
page read and write
|
||
|
17DC000
|
heap
|
page read and write
|
||
|
1E716160000
|
heap
|
page read and write
|
||
|
4DAE000
|
stack
|
page read and write
|
||
|
17CD000
|
heap
|
page read and write
|
||
|
566F000
|
stack
|
page read and write
|
||
|
17AE000
|
heap
|
page read and write
|
||
|
53C000
|
unkown
|
page read and write
|
||
|
544000
|
unkown
|
page readonly
|
||
|
DD8000
|
heap
|
page read and write
|
||
|
140E000
|
stack
|
page read and write
|
||
|
1921000
|
heap
|
page read and write
|
||
|
2E7D000
|
heap
|
page read and write
|
||
|
1790000
|
heap
|
page read and write
|
||
|
3F10000
|
direct allocation
|
page read and write
|
||
|
4020000
|
direct allocation
|
page read and write
|
||
|
2E31000
|
heap
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
17A8000
|
heap
|
page read and write
|
||
|
16F3000
|
heap
|
page read and write
|
||
|
BFF000
|
stack
|
page read and write
|
||
|
147E000
|
stack
|
page read and write
|
||
|
42B0000
|
direct allocation
|
page read and write
|
||
|
16F3000
|
heap
|
page read and write
|
||
|
4B2B000
|
stack
|
page read and write
|
||
|
E92000
|
heap
|
page read and write
|
||
|
17BD000
|
heap
|
page read and write
|
||
|
1911000
|
heap
|
page read and write
|
||
|
3E80000
|
direct allocation
|
page read and write
|
||
|
1640000
|
heap
|
page read and write
|
||
|
5A9000
|
stack
|
page read and write
|
||
|
1E4000
|
unkown
|
page readonly
|
||
|
1863000
|
heap
|
page read and write
|
||
|
4CFE000
|
stack
|
page read and write
|
||
|
1430000
|
heap
|
page read and write
|
||
|
470000
|
unkown
|
page readonly
|
||
|
414D000
|
direct allocation
|
page read and write
|
||
|
4BBC000
|
stack
|
page read and write
|
||
|
50C000
|
unkown
|
page readonly
|
||
|
424E000
|
direct allocation
|
page read and write
|
||
|
56AE000
|
stack
|
page read and write
|
||
|
1E716415000
|
heap
|
page read and write
|
||
|
F4F000
|
heap
|
page read and write
|
||
|
B99D0FF000
|
stack
|
page read and write
|
||
|
5E7A000
|
heap
|
page read and write
|
||
|
4A7B000
|
stack
|
page read and write
|
||
|
43D9000
|
direct allocation
|
page read and write
|
||
|
50C000
|
unkown
|
page readonly
|
||
|
BEF000
|
stack
|
page read and write
|
||
|
3861000
|
direct allocation
|
page read and write
|
||
|
2C59000
|
heap
|
page read and write
|
||
|
595E000
|
stack
|
page read and write
|
||
|
4A3E000
|
stack
|
page read and write
|
||
|
2C8B000
|
heap
|
page read and write
|
||
|
128F000
|
stack
|
page read and write
|
||
|
5E7A000
|
heap
|
page read and write
|
||
|
185B000
|
heap
|
page read and write
|
||
|
54FE000
|
stack
|
page read and write
|
||
|
F55000
|
heap
|
page read and write
|
||
|
192F000
|
heap
|
page read and write
|
||
|
111000
|
unkown
|
page execute read
|
||
|
16EB000
|
heap
|
page read and write
|
||
|
4EEE000
|
stack
|
page read and write
|
||
|
17CB000
|
heap
|
page read and write
|
||
|
2E67000
|
heap
|
page read and write
|
||
|
274B000
|
stack
|
page read and write
|
||
|
2CC1000
|
heap
|
page read and write
|
||
|
222E000
|
stack
|
page read and write
|
||
|
41BE000
|
direct allocation
|
page read and write
|
||
|
17ED000
|
heap
|
page read and write
|
||
|
544000
|
unkown
|
page readonly
|
||
|
54DE000
|
stack
|
page read and write
|
||
|
471000
|
unkown
|
page execute read
|
||
|
540000
|
unkown
|
page write copy
|
||
|
2140000
|
direct allocation
|
page read and write
|
||
|
17ED000
|
heap
|
page read and write
|
||
|
16EB000
|
heap
|
page read and write
|
||
|
41BE000
|
direct allocation
|
page read and write
|
||
|
43DD000
|
direct allocation
|
page read and write
|
||
|
184B000
|
heap
|
page read and write
|
||
|
B99CCFE000
|
stack
|
page read and write
|
||
|
1E716277000
|
heap
|
page read and write
|
||
|
4D6F000
|
stack
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
746E000
|
direct allocation
|
page read and write
|
||
|
3450000
|
heap
|
page read and write
|
||
|
4C2F000
|
stack
|
page read and write
|
||
|
BCF000
|
stack
|
page read and write
|
||
|
5E8C000
|
heap
|
page read and write
|
||
|
5E8C000
|
heap
|
page read and write
|
||
|
4020000
|
direct allocation
|
page read and write
|
||
|
4AEE000
|
stack
|
page read and write
|
||
|
40B0000
|
direct allocation
|
page read and write
|
||
|
F5F000
|
heap
|
page read and write
|
||
|
4033000
|
direct allocation
|
page read and write
|
||
|
1554000
|
heap
|
page read and write
|
||
|
3FA3000
|
direct allocation
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
566E000
|
direct allocation
|
page read and write
|
||
|
4149000
|
direct allocation
|
page read and write
|
||
|
41D9000
|
direct allocation
|
page read and write
|
||
|
304D000
|
stack
|
page read and write
|
||
|
185B000
|
heap
|
page read and write
|
||
|
426E000
|
direct allocation
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
434D000
|
direct allocation
|
page read and write
|
||
|
2E6B000
|
heap
|
page read and write
|
||
|
478000
|
system
|
page execute and read and write
|
||
|
F4E000
|
heap
|
page read and write
|
||
|
2B60000
|
heap
|
page readonly
|
||
|
E02000
|
heap
|
page read and write
|
||
|
561D000
|
stack
|
page read and write
|
||
|
17AD000
|
heap
|
page read and write
|
||
|
4033000
|
direct allocation
|
page read and write
|
||
|
4220000
|
direct allocation
|
page read and write
|
||
|
B99CEFF000
|
stack
|
page read and write
|
||
|
16F4000
|
heap
|
page read and write
|
||
|
B99D5FE000
|
stack
|
page read and write
|
||
|
58EE000
|
stack
|
page read and write
|
||
|
2C12000
|
heap
|
page read and write
|
||
|
166B000
|
heap
|
page read and write
|
||
|
53C000
|
unkown
|
page write copy
|
||
|
A66E000
|
direct allocation
|
page read and write
|
||
|
1E71626B000
|
heap
|
page read and write
|
||
|
4B7E000
|
stack
|
page read and write
|
||
|
3CBF000
|
stack
|
page read and write
|
||
|
1863000
|
heap
|
page read and write
|
||
|
EFA000
|
heap
|
page read and write
|
||
|
127F000
|
stack
|
page read and write
|
||
|
59CB000
|
stack
|
page read and write
|
||
|
474000
|
system
|
page execute and read and write
|
||
|
1910000
|
heap
|
page read and write
|
||
|
434D000
|
direct allocation
|
page read and write
|
||
|
E0B000
|
heap
|
page read and write
|
||
|
471000
|
unkown
|
page execute read
|
||
|
606E000
|
direct allocation
|
page read and write
|
||
|
17AD000
|
heap
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
1920000
|
heap
|
page read and write
|
||
|
4DFF000
|
stack
|
page read and write
|
||
|
4110000
|
direct allocation
|
page read and write
|
||
|
163E000
|
stack
|
page read and write
|
||
|
2E8E000
|
heap
|
page read and write
|
||
|
17D4000
|
heap
|
page read and write
|
||
|
27BC000
|
stack
|
page read and write
|
||
|
2180000
|
heap
|
page read and write
|
||
|
E8B000
|
heap
|
page read and write
|
||
|
300E000
|
stack
|
page read and write
|
||
|
57AE000
|
stack
|
page read and write
|
||
|
5E7A000
|
heap
|
page read and write
|
||
|
18BC000
|
heap
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
16F3000
|
heap
|
page read and write
|
||
|
2C71000
|
heap
|
page read and write
|
||
|
58CC000
|
stack
|
page read and write
|
||
|
2E67000
|
heap
|
page read and write
|
||
|
F6E000
|
heap
|
page read and write
|
||
|
5E01000
|
heap
|
page read and write
|
||
|
4149000
|
direct allocation
|
page read and write
|
||
|
17DC000
|
heap
|
page read and write
|
||
|
41D9000
|
direct allocation
|
page read and write
|
||
|
E0C000
|
heap
|
page read and write
|
There are 420 hidden memdumps, click here to show them.