Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\DAAFIIJDAAAAKFHIDAAAKJJEGD
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8,
version-valid-for 11
|
dropped
|
||
|
C:\ProgramData\EBKJDBAAKJDGCBFHCFCG
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\EGDGCGCF
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie
0x24, schema 4, UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\ProgramData\EGDGCGCFHIEHIDGDBAAE
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie
0xe, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\HDBGHDHC
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie
0x21, schema 4, UTF-8, version-valid-for 3
|
dropped
|
||
|
C:\ProgramData\HIDHIEGI
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4,
UTF-8, version-valid-for 4
|
dropped
|
||
|
C:\ProgramData\JDGCGDBG
|
SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4,
UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\ProgramData\KFBFCAFCBKFI\freebl3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\KFBFCAFCBKFI\mozglue.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\KFBFCAFCBKFI\msvcp140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\KFBFCAFCBKFI\nss3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\KFBFCAFCBKFI\softokn3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\KFBFCAFCBKFI\vcruntime140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_8ea7d7c3451d3787ce7bc761967a957179df26c0_caf4c063_cca9cbd9-bb13-44d5-a7d0-8815e924c53b\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA819.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Apr 24 14:47:58 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA8A6.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA8C7.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199677575543[1].htm
|
HTML document, Unicode text, UTF-8 text, with very long lines (2969), with CRLF, LF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqln[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 17 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 340
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
https://steamcommunity.com/?subsection=broadcasts
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199677575543/badges
|
unknown
|
||
|
https://95.217.246.168
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=EyWBqDQS-6jg&a
|
unknown
|
||
|
https://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=L35TrLJDfqtD&l=engl
|
unknown
|
||
|
https://95.217.246.168/vcruntime140.dll
|
95.217.246.168
|
||
|
http://www.valvesoftware.com/legal.htm
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199677575543/inventory/
|
unknown
|
||
|
https://95.217.246.168/Y
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
|
unknown
|
||
|
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=SPpMitTYp6ku&l=en
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=1_BxDGVvfXwv&am
|
unknown
|
||
|
https://95.217.246.168/msvcp140.dlly
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=c4UneKQJ
|
unknown
|
||
|
http://www.mozilla.com/en-US/blocklist/
|
unknown
|
||
|
https://95.217.246.168/
|
95.217.246.168
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
|
unknown
|
||
|
https://mozilla.org0/
|
unknown
|
||
|
http://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://store.steampowered.com/points/shop/
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199677575543Mozilla/5.0
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
|
unknown
|
||
|
https://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=ZVlkBFZXqRp1&l=e
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199677575543
|
96.17.209.196
|
||
|
https://95.217.246.168/mozglue.dll1
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
|
unknown
|
||
|
https://95.217.246.168/msvcp140.dllC
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
|
unknown
|
||
|
https://store.steampowered.com/about/
|
unknown
|
||
|
https://steamcommunity.com/my/wishlist/
|
unknown
|
||
|
https://95.217.246.168/vcruntime140.dllv
|
unknown
|
||
|
https://t.me/snsb82At
|
unknown
|
||
|
https://95.217.246.168/nss3.dll
|
95.217.246.168
|
||
|
https://help.steampowered.com/en/
|
unknown
|
||
|
https://steamcommunity.com/market/
|
unknown
|
||
|
https://store.steampowered.com/news/
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
http://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
|
unknown
|
||
|
https://95.217.246.168/msvcp140.dll
|
95.217.246.168
|
||
|
https://steamcommunity.com/discussions/
|
unknown
|
||
|
https://store.steampowered.com/stats/
|
unknown
|
||
|
https://95.217.246.168IEG
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199677575543I~
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
|
unknown
|
||
|
https://store.steampowered.com/steam_refunds/
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
https://95.217.246.168/freebl3.dllS
|
unknown
|
||
|
https://steamcommunity.com/workshop/
|
unknown
|
||
|
https://store.steampowered.com/legal/
|
unknown
|
||
|
https://t.me/snsb82
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
|
unknown
|
||
|
http://www.sqlite.org/copyright.html.
|
unknown
|
||
|
https://95.217.246.168/softokn3.dllk
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
|
unknown
|
||
|
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://store.steampowered.com/
|
unknown
|
||
|
https://95.217.246.168/softokn3.dll
|
95.217.246.168
|
||
|
https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe
|
unknown
|
||
|
https://95.217.246.168/mozglue.dll
|
95.217.246.168
|
||
|
https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh
|
unknown
|
||
|
https://ac.ecosia.org/autocomplete?q=
|
unknown
|
||
|
https://steamcommunity.com/kI
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
|
unknown
|
||
|
https://95.217.246.168/freebl3.dll
|
95.217.246.168
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
|
unknown
|
||
|
https://95.217.246.168/sqln.dll
|
95.217.246.168
|
||
|
http://store.steampowered.com/account/cookiepreferences/
|
unknown
|
||
|
https://store.steampowered.com/mobile
|
unknown
|
||
|
https://steamcommunity.com/
|
unknown
|
||
|
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=2YYI
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
steamcommunity.com
|
96.17.209.196
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
95.217.246.168
|
unknown
|
Germany
|
||
|
96.17.209.196
|
steamcommunity.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{ca8e637b-6746-fc31-2f12-d10d2754d9b8}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
ProgramId
|
||
|
\REGISTRY\A\{ca8e637b-6746-fc31-2f12-d10d2754d9b8}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
FileId
|
||
|
\REGISTRY\A\{ca8e637b-6746-fc31-2f12-d10d2754d9b8}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{ca8e637b-6746-fc31-2f12-d10d2754d9b8}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
LongPathHash
|
||
|
\REGISTRY\A\{ca8e637b-6746-fc31-2f12-d10d2754d9b8}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Name
|
||
|
\REGISTRY\A\{ca8e637b-6746-fc31-2f12-d10d2754d9b8}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
OriginalFileName
|
||
|
\REGISTRY\A\{ca8e637b-6746-fc31-2f12-d10d2754d9b8}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Publisher
|
||
|
\REGISTRY\A\{ca8e637b-6746-fc31-2f12-d10d2754d9b8}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Version
|
||
|
\REGISTRY\A\{ca8e637b-6746-fc31-2f12-d10d2754d9b8}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
BinFileVersion
|
||
|
\REGISTRY\A\{ca8e637b-6746-fc31-2f12-d10d2754d9b8}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
BinaryType
|
||
|
\REGISTRY\A\{ca8e637b-6746-fc31-2f12-d10d2754d9b8}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
ProductName
|
||
|
\REGISTRY\A\{ca8e637b-6746-fc31-2f12-d10d2754d9b8}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
ProductVersion
|
||
|
\REGISTRY\A\{ca8e637b-6746-fc31-2f12-d10d2754d9b8}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
LinkDate
|
||
|
\REGISTRY\A\{ca8e637b-6746-fc31-2f12-d10d2754d9b8}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
BinProductVersion
|
||
|
\REGISTRY\A\{ca8e637b-6746-fc31-2f12-d10d2754d9b8}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{ca8e637b-6746-fc31-2f12-d10d2754d9b8}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{ca8e637b-6746-fc31-2f12-d10d2754d9b8}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Size
|
||
|
\REGISTRY\A\{ca8e637b-6746-fc31-2f12-d10d2754d9b8}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Language
|
||
|
\REGISTRY\A\{ca8e637b-6746-fc31-2f12-d10d2754d9b8}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
43A000
|
remote allocation
|
page execute and read and write
|
|
|
|
15BD000
|
heap
|
page read and write
|
|
|
|
2FB000
|
unkown
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
15F2B000
|
stack
|
page read and write
|
||
|
162EF000
|
heap
|
page read and write
|
||
|
136D000
|
stack
|
page read and write
|
||
|
1C3B6000
|
direct allocation
|
page execute read
|
||
|
23F000
|
unkown
|
page execute read
|
||
|
1136F000
|
stack
|
page read and write
|
||
|
113BE000
|
stack
|
page read and write
|
||
|
155A000
|
heap
|
page read and write
|
||
|
5F9000
|
remote allocation
|
page execute and read and write
|
||
|
2E7000
|
unkown
|
page readonly
|
||
|
339000
|
unkown
|
page read and write
|
||
|
33E000
|
unkown
|
page readonly
|
||
|
A06E000
|
stack
|
page read and write
|
||
|
159D000
|
heap
|
page read and write
|
||
|
1490000
|
heap
|
page read and write
|
||
|
1602C000
|
stack
|
page read and write
|
||
|
161E4000
|
heap
|
page read and write
|
||
|
A16F000
|
stack
|
page read and write
|
||
|
1C49A000
|
direct allocation
|
page readonly
|
||
|
340000
|
unkown
|
page readonly
|
||
|
17CE000
|
stack
|
page read and write
|
||
|
141E000
|
stack
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
162E8000
|
heap
|
page read and write
|
||
|
132F000
|
stack
|
page read and write
|
||
|
51B000
|
remote allocation
|
page execute and read and write
|
||
|
1C6F5000
|
heap
|
page read and write
|
||
|
32F000
|
unkown
|
page execute and read and write
|
||
|
EDCF000
|
stack
|
page read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
340000
|
unkown
|
page readonly
|
||
|
17F6000
|
heap
|
page read and write
|
||
|
1C45F000
|
direct allocation
|
page readonly
|
||
|
2FB000
|
unkown
|
page write copy
|
||
|
1C49D000
|
direct allocation
|
page readonly
|
||
|
1510000
|
heap
|
page read and write
|
||
|
1C45D000
|
direct allocation
|
page execute read
|
||
|
133C000
|
stack
|
page read and write
|
||
|
C72E000
|
stack
|
page read and write
|
||
|
151A000
|
heap
|
page read and write
|
||
|
18CE000
|
stack
|
page read and write
|
||
|
1C468000
|
direct allocation
|
page readonly
|
||
|
1642F000
|
heap
|
page read and write
|
||
|
1644D000
|
heap
|
page read and write
|
||
|
1C49F000
|
direct allocation
|
page readonly
|
||
|
2E0000
|
unkown
|
page execute read
|
||
|
16060000
|
heap
|
page read and write
|
||
|
23B000
|
unkown
|
page execute read
|
||
|
1627000
|
heap
|
page read and write
|
||
|
1ED2F000
|
stack
|
page read and write
|
||
|
1C492000
|
direct allocation
|
page read and write
|
||
|
EE2E000
|
stack
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
126C000
|
stack
|
page read and write
|
||
|
15EBF000
|
stack
|
page read and write
|
||
|
436000
|
remote allocation
|
page execute and read and write
|
||
|
164F4000
|
heap
|
page read and write
|
||
|
C6EC000
|
stack
|
page read and write
|
||
|
A1AE000
|
stack
|
page read and write
|
||
|
231000
|
unkown
|
page execute read
|
||
|
164F6000
|
heap
|
page read and write
|
||
|
641000
|
remote allocation
|
page execute and read and write
|
||
|
1C6F0000
|
heap
|
page read and write
|
||
|
161C000
|
heap
|
page read and write
|
||
|
ECCE000
|
stack
|
page read and write
|
||
|
123C000
|
stack
|
page read and write
|
||
|
15ED0000
|
heap
|
page read and write
|
||
|
175C000
|
heap
|
page read and write
|
||
|
1C250000
|
direct allocation
|
page execute and read and write
|
||
|
1495000
|
heap
|
page read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
2E0000
|
unkown
|
page execute read
|
||
|
1C761000
|
heap
|
page read and write
|
||
|
1500000
|
heap
|
page read and write
|
||
|
7A6F000
|
unkown
|
page read and write
|
||
|
231000
|
unkown
|
page execute read
|
||
|
1480000
|
heap
|
page read and write
|
||
|
EC6D000
|
stack
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
230000
|
unkown
|
page readonly
|
||
|
161D0000
|
heap
|
page read and write
|
||
|
518000
|
remote allocation
|
page execute and read and write
|
||
|
1C251000
|
direct allocation
|
page execute read
|
||
|
150A000
|
heap
|
page read and write
|
||
|
23B000
|
unkown
|
page execute read
|
||
|
2E7000
|
unkown
|
page readonly
|
||
|
1625000
|
heap
|
page read and write
|
||
|
17C8000
|
heap
|
page read and write
|
||
|
1397E000
|
stack
|
page read and write
|
||
|
1C6FD000
|
heap
|
page read and write
|
||
|
1523000
|
heap
|
page read and write
|
||
|
1674000
|
heap
|
page read and write
|
||
|
174B000
|
heap
|
page read and write
|
||
|
145E000
|
stack
|
page read and write
|
||
|
230000
|
unkown
|
page readonly
|
||
|
1C258000
|
direct allocation
|
page execute read
|
||
|
1333000
|
stack
|
page read and write
|
||
|
53AE000
|
unkown
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
150E000
|
heap
|
page read and write
|
||
|
55F000
|
remote allocation
|
page execute and read and write
|
||
|
23F000
|
unkown
|
page execute read
|
||
|
138FD000
|
stack
|
page read and write
|
||
|
521000
|
remote allocation
|
page execute and read and write
|
||
|
33E000
|
unkown
|
page readonly
|
||
|
1C775000
|
heap
|
page read and write
|
||
|
536E000
|
unkown
|
page read and write
|
||
|
132B000
|
stack
|
page read and write
|
||
|
339000
|
unkown
|
page write copy
|
There are 103 hidden memdumps, click here to show them.