Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
97NT8DO3JB.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_504654aafbb45967f4acb4ca8e5b93132f2f_1bd0a4a3_1630c49f-2354-49a2-9ab8-dc030df3b2ee\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_504654aafbb45967f4acb4ca8e5b93132f2f_1bd0a4a3_3a48af57-569b-4ab4-b9ea-256268bf1ad0\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_504654aafbb45967f4acb4ca8e5b93132f2f_1bd0a4a3_5c38cd1d-3bce-4550-bdcf-bb046d0ffe19\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_504654aafbb45967f4acb4ca8e5b93132f2f_1bd0a4a3_8fd0dd96-51df-4555-aa5e-8b9425c46166\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_504654aafbb45967f4acb4ca8e5b93132f2f_1bd0a4a3_acc9e967-ff41-4224-90bc-0f98e5eb772f\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_504654aafbb45967f4acb4ca8e5b93132f2f_1bd0a4a3_cdb61ca0-0229-40fc-b9c9-8fe9029a2de5\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_504654aafbb45967f4acb4ca8e5b93132f2f_1bd0a4a3_ef6f7bd1-c393-4e57-b46f-a509222f2e19\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_6be156e7f6408b6a57b6e7c3a2ce735a1cd81ea8_1bd0a4a3_0ed49d18-13ae-42ea-852a-2af280a287d7\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2FC7.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Apr 19 20:35:54 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3055.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3084.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3219.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Apr 19 20:35:54 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3268.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3288.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER34F7.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Apr 19 20:35:55 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3556.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3566.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER36EB.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Apr 19 20:35:55 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3759.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER377A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER393D.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Apr 19 20:35:56 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER399C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER39CB.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3B7F.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Apr 19 20:35:57 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3BED.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3C4C.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER44F5.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Apr 19 20:35:59 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER45B1.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER45D2.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4821.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Apr 19 20:36:00 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER489F.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER48DF.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\ping[1].htm
|
very short file (no magic)
|
dropped
|
||
|
C:\Windows\Logs\SIH\SIH.20240419.223612.085.1.etl
|
data
|
dropped
|
||
|
C:\Windows\SoftwareDistribution\SLS\522D76A4-93E1-47F8-B8CE-07C937AD1A1E\TMP7B18.tmp
|
Microsoft Cabinet archive data, single, 462 bytes, 1 file, at 0x44 +Utf "environment.xml", flags 0x4, ID 31944, number 1,
extra bytes 20 in head, 1 datablock, 0x1 compression
|
dropped
|
||
|
C:\Windows\SoftwareDistribution\SLS\522D76A4-93E1-47F8-B8CE-07C937AD1A1E\sls.cab
|
Microsoft Cabinet archive data, single, 7826 bytes, 1 file, at 0x44 +Utf "environment.cab", flags 0x4, ID 53283, number 1,
extra bytes 20 in head, 1 datablock, 0x1 compression
|
dropped
|
||
|
C:\Windows\SoftwareDistribution\SLS\E7A50285-D08D-499D-9FF8-180FDC2332BC\TMP841D.tmp
|
Microsoft Cabinet archive data, single, 283 bytes, 1 file, at 0x44 +Utf "environment.xml", flags 0x4, ID 18148, number 1,
extra bytes 20 in head, 1 datablock, 0x1 compression
|
dropped
|
||
|
C:\Windows\SoftwareDistribution\SLS\E7A50285-D08D-499D-9FF8-180FDC2332BC\sls.cab
|
Microsoft Cabinet archive data, single, 8785 bytes, 1 file, at 0x44 +Utf "environment.cab", flags 0x4, ID 36571, number 1,
extra bytes 20 in head, 1 datablock, 0x1 compression
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 30 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\97NT8DO3JB.exe
|
"C:\Users\user\Desktop\97NT8DO3JB.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 744
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 764
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 780
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 772
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 904
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 912
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 1376
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c taskkill /im "97NT8DO3JB.exe" /f & erase "C:\Users\user\Desktop\97NT8DO3JB.exe" & exit
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
taskkill /im "97NT8DO3JB.exe" /f
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 1336
|
||
|
C:\Windows\System32\SIHClient.exe
|
C:\Windows\System32\sihclient.exe /cv mYxTU7XVgUSOC2w2/zVglw.0.2
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://185.172.128.90/cpa/ping.php?substr=one&s=two
|
185.172.128.90
|
|
|
|
http://upx.sf.net
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.172.128.90
|
unknown
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{9b44aa7a-71ee-9ef5-07ad-902c53db772c}\Root\InventoryApplicationFile\97nt8do3jb.exe|4030b72866cea4ea
|
ProgramId
|
||
|
\REGISTRY\A\{9b44aa7a-71ee-9ef5-07ad-902c53db772c}\Root\InventoryApplicationFile\97nt8do3jb.exe|4030b72866cea4ea
|
FileId
|
||
|
\REGISTRY\A\{9b44aa7a-71ee-9ef5-07ad-902c53db772c}\Root\InventoryApplicationFile\97nt8do3jb.exe|4030b72866cea4ea
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{9b44aa7a-71ee-9ef5-07ad-902c53db772c}\Root\InventoryApplicationFile\97nt8do3jb.exe|4030b72866cea4ea
|
LongPathHash
|
||
|
\REGISTRY\A\{9b44aa7a-71ee-9ef5-07ad-902c53db772c}\Root\InventoryApplicationFile\97nt8do3jb.exe|4030b72866cea4ea
|
Name
|
||
|
\REGISTRY\A\{9b44aa7a-71ee-9ef5-07ad-902c53db772c}\Root\InventoryApplicationFile\97nt8do3jb.exe|4030b72866cea4ea
|
OriginalFileName
|
||
|
\REGISTRY\A\{9b44aa7a-71ee-9ef5-07ad-902c53db772c}\Root\InventoryApplicationFile\97nt8do3jb.exe|4030b72866cea4ea
|
Publisher
|
||
|
\REGISTRY\A\{9b44aa7a-71ee-9ef5-07ad-902c53db772c}\Root\InventoryApplicationFile\97nt8do3jb.exe|4030b72866cea4ea
|
Version
|
||
|
\REGISTRY\A\{9b44aa7a-71ee-9ef5-07ad-902c53db772c}\Root\InventoryApplicationFile\97nt8do3jb.exe|4030b72866cea4ea
|
BinFileVersion
|
||
|
\REGISTRY\A\{9b44aa7a-71ee-9ef5-07ad-902c53db772c}\Root\InventoryApplicationFile\97nt8do3jb.exe|4030b72866cea4ea
|
BinaryType
|
||
|
\REGISTRY\A\{9b44aa7a-71ee-9ef5-07ad-902c53db772c}\Root\InventoryApplicationFile\97nt8do3jb.exe|4030b72866cea4ea
|
ProductName
|
||
|
\REGISTRY\A\{9b44aa7a-71ee-9ef5-07ad-902c53db772c}\Root\InventoryApplicationFile\97nt8do3jb.exe|4030b72866cea4ea
|
ProductVersion
|
||
|
\REGISTRY\A\{9b44aa7a-71ee-9ef5-07ad-902c53db772c}\Root\InventoryApplicationFile\97nt8do3jb.exe|4030b72866cea4ea
|
LinkDate
|
||
|
\REGISTRY\A\{9b44aa7a-71ee-9ef5-07ad-902c53db772c}\Root\InventoryApplicationFile\97nt8do3jb.exe|4030b72866cea4ea
|
BinProductVersion
|
||
|
\REGISTRY\A\{9b44aa7a-71ee-9ef5-07ad-902c53db772c}\Root\InventoryApplicationFile\97nt8do3jb.exe|4030b72866cea4ea
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{9b44aa7a-71ee-9ef5-07ad-902c53db772c}\Root\InventoryApplicationFile\97nt8do3jb.exe|4030b72866cea4ea
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{9b44aa7a-71ee-9ef5-07ad-902c53db772c}\Root\InventoryApplicationFile\97nt8do3jb.exe|4030b72866cea4ea
|
Size
|
||
|
\REGISTRY\A\{9b44aa7a-71ee-9ef5-07ad-902c53db772c}\Root\InventoryApplicationFile\97nt8do3jb.exe|4030b72866cea4ea
|
Language
|
||
|
\REGISTRY\A\{9b44aa7a-71ee-9ef5-07ad-902c53db772c}\Root\InventoryApplicationFile\97nt8do3jb.exe|4030b72866cea4ea
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3670000
|
direct allocation
|
page execute and read and write
|
|
|
|
36A0000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
45FC000
|
stack
|
page read and write
|
||
|
280E000
|
stack
|
page read and write
|
||
|
1C5E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4310000
|
heap
|
page read and write
|
||
|
1C10000
|
heap
|
page read and write
|
||
|
3B6E000
|
stack
|
page read and write
|
||
|
17B2189E000
|
heap
|
page read and write
|
||
|
3BAD000
|
stack
|
page read and write
|
||
|
17B2196E000
|
heap
|
page read and write
|
||
|
17B218BA000
|
heap
|
page read and write
|
||
|
17B20F46000
|
heap
|
page read and write
|
||
|
17B21867000
|
heap
|
page read and write
|
||
|
232D000
|
stack
|
page read and write
|
||
|
17B218BD000
|
heap
|
page read and write
|
||
|
17B20E70000
|
heap
|
page read and write
|
||
|
1B1E000
|
heap
|
page read and write
|
||
|
17B21898000
|
heap
|
page read and write
|
||
|
17B21960000
|
heap
|
page read and write
|
||
|
448000
|
unkown
|
page read and write
|
||
|
17B20E9F000
|
heap
|
page read and write
|
||
|
23DE000
|
unkown
|
page read and write
|
||
|
17B20E77000
|
heap
|
page read and write
|
||
|
410D000
|
stack
|
page read and write
|
||
|
1B9C27C000
|
stack
|
page read and write
|
||
|
17B20F15000
|
heap
|
page read and write
|
||
|
17B21963000
|
heap
|
page read and write
|
||
|
17B20DA0000
|
heap
|
page read and write
|
||
|
2A52000
|
heap
|
page read and write
|
||
|
4510000
|
heap
|
page read and write
|
||
|
17B20E74000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
17B2196A000
|
heap
|
page read and write
|
||
|
17B20ED3000
|
heap
|
page read and write
|
||
|
17B21AC8000
|
heap
|
page read and write
|
||
|
17B2184F000
|
heap
|
page read and write
|
||
|
17B218A6000
|
heap
|
page read and write
|
||
|
17B21860000
|
heap
|
page read and write
|
||
|
17B2196E000
|
heap
|
page read and write
|
||
|
17B2187D000
|
heap
|
page read and write
|
||
|
42C000
|
unkown
|
page write copy
|
||
|
17B20F61000
|
heap
|
page read and write
|
||
|
17B21863000
|
heap
|
page read and write
|
||
|
17B20F55000
|
heap
|
page read and write
|
||
|
1A30000
|
heap
|
page read and write
|
||
|
17B21897000
|
heap
|
page read and write
|
||
|
17B20EEA000
|
heap
|
page read and write
|
||
|
1BEB000
|
heap
|
page read and write
|
||
|
17B20E81000
|
heap
|
page read and write
|
||
|
17B20EED000
|
heap
|
page read and write
|
||
|
426000
|
unkown
|
page write copy
|
||
|
17B21898000
|
heap
|
page read and write
|
||
|
17B21AC1000
|
heap
|
page read and write
|
||
|
17B21879000
|
heap
|
page read and write
|
||
|
17B21840000
|
heap
|
page read and write
|
||
|
17B20F67000
|
heap
|
page read and write
|
||
|
420B000
|
stack
|
page read and write
|
||
|
422D000
|
heap
|
page read and write
|
||
|
1B2F000
|
heap
|
page execute and read and write
|
||
|
17B20DB0000
|
heap
|
page read and write
|
||
|
17B21965000
|
heap
|
page read and write
|
||
|
17B20ED3000
|
heap
|
page read and write
|
||
|
17B21853000
|
heap
|
page read and write
|
||
|
1A10000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
26FD000
|
stack
|
page read and write
|
||
|
36B0000
|
heap
|
page read and write
|
||
|
17B21AB0000
|
heap
|
page read and write
|
||
|
17B21883000
|
heap
|
page read and write
|
||
|
3A6D000
|
stack
|
page read and write
|
||
|
17B21897000
|
heap
|
page read and write
|
||
|
17B21871000
|
heap
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
1B4A000
|
heap
|
page read and write
|
||
|
17B218B2000
|
heap
|
page read and write
|
||
|
1B9C2FF000
|
stack
|
page read and write
|
||
|
2390000
|
heap
|
page read and write
|
||
|
17B21848000
|
heap
|
page read and write
|
||
|
17B21867000
|
heap
|
page read and write
|
||
|
17B21165000
|
heap
|
page read and write
|
||
|
1B9C37B000
|
stack
|
page read and write
|
||
|
17B20EBE000
|
heap
|
page read and write
|
||
|
17B2196A000
|
heap
|
page read and write
|
||
|
3CAE000
|
stack
|
page read and write
|
||
|
17B2186D000
|
heap
|
page read and write
|
||
|
17B20F02000
|
heap
|
page read and write
|
||
|
17B21967000
|
heap
|
page read and write
|
||
|
4231000
|
heap
|
page read and write
|
||
|
17B21AB8000
|
heap
|
page read and write
|
||
|
17B21967000
|
heap
|
page read and write
|
||
|
17B2196B000
|
heap
|
page read and write
|
||
|
3FAD000
|
stack
|
page read and write
|
||
|
17B21876000
|
heap
|
page read and write
|
||
|
17B20F46000
|
heap
|
page read and write
|
||
|
29CF000
|
unkown
|
page read and write
|
||
|
17B20F67000
|
heap
|
page read and write
|
||
|
1BF9000
|
heap
|
page read and write
|
||
|
1D5F000
|
stack
|
page read and write
|
||
|
3F6E000
|
stack
|
page read and write
|
||
|
4218000
|
heap
|
page read and write
|
||
|
17B2196A000
|
heap
|
page read and write
|
||
|
17B20F02000
|
heap
|
page read and write
|
||
|
3CED000
|
stack
|
page read and write
|
||
|
17B21BB0000
|
heap
|
page read and write
|
||
|
41B000
|
unkown
|
page readonly
|
||
|
1B9BE87000
|
stack
|
page read and write
|
||
|
2A3C000
|
heap
|
page read and write
|
||
|
17B2185B000
|
heap
|
page read and write
|
||
|
2C2F000
|
stack
|
page read and write
|
||
|
17B20E79000
|
heap
|
page read and write
|
||
|
17B21ACC000
|
heap
|
page read and write
|
||
|
17B21861000
|
heap
|
page read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
17B20E78000
|
heap
|
page read and write
|
||
|
1B9C4FF000
|
stack
|
page read and write
|
||
|
17B20EB3000
|
heap
|
page read and write
|
||
|
17B218A7000
|
heap
|
page read and write
|
||
|
17B20F46000
|
heap
|
page read and write
|
||
|
1A11000
|
unkown
|
page readonly
|
||
|
3A10000
|
heap
|
page read and write
|
||
|
46FC000
|
stack
|
page read and write
|
||
|
3E6D000
|
stack
|
page read and write
|
||
|
4210000
|
heap
|
page read and write
|
||
|
17B21ABC000
|
heap
|
page read and write
|
||
|
17B20F60000
|
heap
|
page read and write
|
||
|
1B9C3FE000
|
stack
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
17B21160000
|
heap
|
page read and write
|
||
|
17B20E7B000
|
heap
|
page read and write
|
||
|
1BCD000
|
heap
|
page read and write
|
||
|
40AE000
|
stack
|
page read and write
|
||
|
3DEE000
|
stack
|
page read and write
|
||
|
17B20E8A000
|
heap
|
page read and write
|
||
|
17B20D80000
|
heap
|
page read and write
|
||
|
17B21AC6000
|
heap
|
page read and write
|
||
|
42F000
|
unkown
|
page write copy
|
||
|
1B9C47F000
|
stack
|
page read and write
|
||
|
2CF2000
|
heap
|
page read and write
|
||
|
3560000
|
heap
|
page read and write
|
||
|
17B21940000
|
heap
|
page read and write
|
||
|
1B9BF0F000
|
stack
|
page read and write
|
||
|
17B21876000
|
heap
|
page read and write
|
||
|
1B9BF8E000
|
stack
|
page read and write
|
||
|
17B21842000
|
heap
|
page read and write
|
||
|
17B21962000
|
heap
|
page read and write
|
||
|
17B21964000
|
heap
|
page read and write
|
||
|
17B21ACC000
|
heap
|
page read and write
|
||
|
17B2184C000
|
heap
|
page read and write
|
||
|
17B21AB7000
|
heap
|
page read and write
|
||
|
1B19000
|
heap
|
page read and write
|
||
|
1A11000
|
unkown
|
page readonly
|
||
|
1B10000
|
heap
|
page read and write
|
||
|
1BE9000
|
heap
|
page read and write
|
||
|
1BE3000
|
heap
|
page read and write
|
||
|
17B20ECC000
|
heap
|
page read and write
|
||
|
17B20F67000
|
heap
|
page read and write
|
||
|
17B21883000
|
heap
|
page read and write
|
||
|
2A30000
|
heap
|
page read and write
|
||
|
354E000
|
stack
|
page read and write
|
||
|
1D5000
|
heap
|
page read and write
|
||
|
366F000
|
stack
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
17B218A6000
|
heap
|
page read and write
|
||
|
17B21ABF000
|
heap
|
page read and write
|
||
|
28C0000
|
heap
|
page read and write
|
There are 158 hidden memdumps, click here to show them.