Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\Desktop\cmdline.out
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\Desktop\download\n64-resident-evil-2.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\Desktop\extract\Resident Evil 2 (USA) (Rev A).n64
|
Nintendo 64 ROM image (V64)
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF, CR line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition
--user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.zip"
> cmdline.out 2>&1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\wget.exe
|
wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0
(Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
7za x -y -pinfected -o"C:\Users\user\Desktop\extract" "C:\Users\user\Desktop\download\n64-resident-evil-2.zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.zip
|
|||
|
http://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.zip
|
104.21.61.125
|
||
|
https://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.zipzip
|
unknown
|
||
|
http://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.zipESSOR
|
unknown
|
||
|
http://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.zipX
|
unknown
|
||
|
http://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.z
|
unknown
|
||
|
https://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.zip
|
104.21.61.125
|
||
|
http://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.zipamData
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
emulatorgames.onl
|
104.21.61.125
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.61.125
|
emulatorgames.onl
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1E386C18000
|
heap
|
page read and write
|
||
|
1E38668B000
|
heap
|
page read and write
|
||
|
1E389603000
|
heap
|
page read and write
|
||
|
1E384CCE000
|
heap
|
page read and write
|
||
|
1E386BD8000
|
heap
|
page read and write
|
||
|
1E386BD1000
|
heap
|
page read and write
|
||
|
1E386C04000
|
heap
|
page read and write
|
||
|
1E386C1D000
|
heap
|
page read and write
|
||
|
1E389609000
|
heap
|
page read and write
|
||
|
2B19000
|
heap
|
page read and write
|
||
|
1E384CC4000
|
heap
|
page read and write
|
||
|
1E386D6A000
|
heap
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
1E386D75000
|
heap
|
page read and write
|
||
|
1E38668A000
|
heap
|
page read and write
|
||
|
1E384CA0000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
1E384CCC000
|
heap
|
page read and write
|
||
|
1E386680000
|
heap
|
page read and write
|
||
|
B86000
|
heap
|
page read and write
|
||
|
1E386BF5000
|
heap
|
page read and write
|
||
|
1E386C05000
|
heap
|
page read and write
|
||
|
F8C000
|
heap
|
page read and write
|
||
|
1E386BDB000
|
heap
|
page read and write
|
||
|
1E386D15000
|
heap
|
page read and write
|
||
|
1E386BFA000
|
heap
|
page read and write
|
||
|
1E384CDA000
|
heap
|
page read and write
|
||
|
1E384CEB000
|
heap
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
1E386C19000
|
heap
|
page read and write
|
||
|
1E386BF6000
|
heap
|
page read and write
|
||
|
85C000
|
stack
|
page read and write
|
||
|
1E386D4D000
|
heap
|
page read and write
|
||
|
1E386C1F000
|
heap
|
page read and write
|
||
|
1E386C09000
|
heap
|
page read and write
|
||
|
D8F000
|
stack
|
page read and write
|
||
|
1E384CC3000
|
heap
|
page read and write
|
||
|
1E386D7A000
|
heap
|
page read and write
|
||
|
1E386CD0000
|
heap
|
page read and write
|
||
|
2B15000
|
heap
|
page read and write
|
||
|
1E386BFA000
|
heap
|
page read and write
|
||
|
1E386BFA000
|
heap
|
page read and write
|
||
|
1E386C09000
|
heap
|
page read and write
|
||
|
1E386C0A000
|
heap
|
page read and write
|
||
|
B4E000
|
stack
|
page read and write
|
||
|
1E386BDB000
|
heap
|
page read and write
|
||
|
1E386D0B000
|
heap
|
page read and write
|
||
|
1E384CFC000
|
heap
|
page read and write
|
||
|
1E386C29000
|
heap
|
page read and write
|
||
|
1E386C12000
|
heap
|
page read and write
|
||
|
1E386BE7000
|
heap
|
page read and write
|
||
|
1E386BEF000
|
heap
|
page read and write
|
||
|
1E386BE2000
|
heap
|
page read and write
|
||
|
1E386BF5000
|
heap
|
page read and write
|
||
|
1E386D5B000
|
heap
|
page read and write
|
||
|
1E386C0D000
|
heap
|
page read and write
|
||
|
1E3895F8000
|
heap
|
page read and write
|
||
|
1E386CE5000
|
heap
|
page read and write
|
||
|
1E386CD9000
|
heap
|
page read and write
|
||
|
1E386C04000
|
heap
|
page read and write
|
||
|
1E3895E0000
|
heap
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
1E386D75000
|
heap
|
page read and write
|
||
|
1E386C0D000
|
heap
|
page read and write
|
||
|
1E386D3A000
|
heap
|
page read and write
|
||
|
1E386D5B000
|
heap
|
page read and write
|
||
|
1E386CEA000
|
heap
|
page read and write
|
||
|
1E386D13000
|
heap
|
page read and write
|
||
|
1E386C09000
|
heap
|
page read and write
|
||
|
1E386BE3000
|
heap
|
page read and write
|
||
|
1E386CE5000
|
heap
|
page read and write
|
||
|
1E384CBF000
|
heap
|
page read and write
|
||
|
1E384CC6000
|
heap
|
page read and write
|
||
|
1E386BFE000
|
heap
|
page read and write
|
||
|
1E386BF5000
|
heap
|
page read and write
|
||
|
1E386C04000
|
heap
|
page read and write
|
||
|
1E384CC4000
|
heap
|
page read and write
|
||
|
1E386C09000
|
heap
|
page read and write
|
||
|
1E386C09000
|
heap
|
page read and write
|
||
|
1E386C12000
|
heap
|
page read and write
|
||
|
1E386BF5000
|
heap
|
page read and write
|
||
|
1E386D52000
|
heap
|
page read and write
|
||
|
1E386D7A000
|
heap
|
page read and write
|
||
|
1E386C04000
|
heap
|
page read and write
|
||
|
1E386C09000
|
heap
|
page read and write
|
||
|
1E386D58000
|
heap
|
page read and write
|
||
|
1E386C09000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
1E386BFE000
|
heap
|
page read and write
|
||
|
1E386C0D000
|
heap
|
page read and write
|
||
|
1E386BF5000
|
heap
|
page read and write
|
||
|
1E386C09000
|
heap
|
page read and write
|
||
|
1E386CE0000
|
heap
|
page read and write
|
||
|
F8B000
|
heap
|
page read and write
|
||
|
1E384CCD000
|
heap
|
page read and write
|
||
|
1E386D67000
|
heap
|
page read and write
|
||
|
1E386C0A000
|
heap
|
page read and write
|
||
|
2920000
|
heap
|
page read and write
|
||
|
1E386BD5000
|
heap
|
page read and write
|
||
|
1E386D6A000
|
heap
|
page read and write
|
||
|
1E386C0E000
|
heap
|
page read and write
|
||
|
1E386D0B000
|
heap
|
page read and write
|
||
|
1E384CEC000
|
heap
|
page read and write
|
||
|
1E386BFA000
|
heap
|
page read and write
|
||
|
1E384B80000
|
heap
|
page read and write
|
||
|
1E386C09000
|
heap
|
page read and write
|
||
|
1E386D03000
|
heap
|
page read and write
|
||
|
1E386BEF000
|
heap
|
page read and write
|
||
|
1E386CFC000
|
heap
|
page read and write
|
||
|
1E386C0D000
|
heap
|
page read and write
|
||
|
1E386CC0000
|
heap
|
page read and write
|
||
|
AEE000
|
stack
|
page read and write
|
||
|
1E386C12000
|
heap
|
page read and write
|
||
|
1E384CCC000
|
heap
|
page read and write
|
||
|
1E384CDB000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
1E386D61000
|
heap
|
page read and write
|
||
|
1E386C04000
|
heap
|
page read and write
|
||
|
1E384CE1000
|
heap
|
page read and write
|
||
|
1E386D75000
|
heap
|
page read and write
|
||
|
1E386BF0000
|
heap
|
page read and write
|
||
|
1E386BFE000
|
heap
|
page read and write
|
||
|
1E386C12000
|
heap
|
page read and write
|
||
|
1E386D43000
|
heap
|
page read and write
|
||
|
5F76CFB000
|
stack
|
page read and write
|
||
|
1E386CFC000
|
heap
|
page read and write
|
||
|
1E386D61000
|
heap
|
page read and write
|
||
|
5F76A7E000
|
stack
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
1E386BEF000
|
heap
|
page read and write
|
||
|
1E386C15000
|
heap
|
page read and write
|
||
|
279F000
|
stack
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
1E386D7A000
|
heap
|
page read and write
|
||
|
1E386BF5000
|
heap
|
page read and write
|
||
|
1E386D6A000
|
heap
|
page read and write
|
||
|
5F76C7E000
|
stack
|
page read and write
|
||
|
1E386D4D000
|
heap
|
page read and write
|
||
|
1E384CCC000
|
heap
|
page read and write
|
||
|
1E386670000
|
heap
|
page read and write
|
||
|
2B1F000
|
heap
|
page read and write
|
||
|
1E386C1A000
|
heap
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
1E384CC2000
|
heap
|
page read and write
|
||
|
1E386BF5000
|
heap
|
page read and write
|
||
|
1E386BD0000
|
heap
|
page read and write
|
||
|
1E386BFA000
|
heap
|
page read and write
|
||
|
2A20000
|
trusted library allocation
|
page read and write
|
||
|
1E386C0D000
|
heap
|
page read and write
|
||
|
1E384D1D000
|
heap
|
page read and write
|
||
|
98E000
|
stack
|
page read and write
|
||
|
1E386D75000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
1E386CC5000
|
heap
|
page read and write
|
||
|
1E386D95000
|
heap
|
page read and write
|
||
|
107E000
|
stack
|
page read and write
|
||
|
1E386D95000
|
heap
|
page read and write
|
||
|
1E386BFE000
|
heap
|
page read and write
|
||
|
1E384CC4000
|
heap
|
page read and write
|
||
|
1E386BF5000
|
heap
|
page read and write
|
||
|
1E3895F5000
|
heap
|
page read and write
|
||
|
1E386C12000
|
heap
|
page read and write
|
||
|
1E386C09000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
5F76AFE000
|
stack
|
page read and write
|
||
|
1E386C0D000
|
heap
|
page read and write
|
||
|
1E386BF5000
|
heap
|
page read and write
|
||
|
1E386BF2000
|
heap
|
page read and write
|
||
|
F5E000
|
stack
|
page read and write
|
||
|
DB7000
|
heap
|
page read and write
|
||
|
1E38BAD0000
|
heap
|
page readonly
|
||
|
9CC000
|
stack
|
page read and write
|
||
|
1E384CDF000
|
heap
|
page read and write
|
||
|
1E386BEF000
|
heap
|
page read and write
|
||
|
1E386C09000
|
heap
|
page read and write
|
||
|
1E386D03000
|
heap
|
page read and write
|
||
|
1E384CE0000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
F85000
|
heap
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
1E386D7A000
|
heap
|
page read and write
|
||
|
7DF4A7C31000
|
trusted library allocation
|
page execute read
|
||
|
1E386BC0000
|
heap
|
page read and write
|
||
|
1E386BF1000
|
heap
|
page read and write
|
||
|
1E386BD4000
|
heap
|
page read and write
|
||
|
1E386BFE000
|
heap
|
page read and write
|
||
|
1E386D5E000
|
heap
|
page read and write
|
||
|
1E386CE5000
|
heap
|
page read and write
|
||
|
1E384CF3000
|
heap
|
page read and write
|
||
|
1E386D67000
|
heap
|
page read and write
|
||
|
1E386C0D000
|
heap
|
page read and write
|
||
|
1E386D5D000
|
heap
|
page read and write
|
||
|
1E386C04000
|
heap
|
page read and write
|
||
|
1E386C18000
|
heap
|
page read and write
|
||
|
1E384CFE000
|
heap
|
page read and write
|
||
|
1E386C26000
|
heap
|
page read and write
|
||
|
1E384C30000
|
heap
|
page read and write
|
||
|
1E386C1E000
|
heap
|
page read and write
|
||
|
1E386C0D000
|
heap
|
page read and write
|
||
|
1E386D95000
|
heap
|
page read and write
|
||
|
1E386BFE000
|
heap
|
page read and write
|
||
|
1E386D67000
|
heap
|
page read and write
|
||
|
1E386D1E000
|
heap
|
page read and write
|
||
|
1E386685000
|
heap
|
page read and write
|
||
|
1E384CCC000
|
heap
|
page read and write
|
||
|
1E384CFD000
|
heap
|
page read and write
|
||
|
1E386C12000
|
heap
|
page read and write
|
||
|
1E389605000
|
heap
|
page read and write
|
||
|
1E3895F9000
|
heap
|
page read and write
|
||
|
1E386BFE000
|
heap
|
page read and write
|
||
|
1E386DA7000
|
heap
|
page read and write
|
||
|
1E386BEF000
|
heap
|
page read and write
|
||
|
1E384BC0000
|
heap
|
page read and write
|
||
|
1E386CFC000
|
heap
|
page read and write
|
||
|
1E386BEC000
|
heap
|
page read and write
|
||
|
2B21000
|
heap
|
page read and write
|
||
|
1E386C04000
|
heap
|
page read and write
|
||
|
1E384CEF000
|
heap
|
page read and write
|
||
|
1E386C09000
|
heap
|
page read and write
|
||
|
1E386D67000
|
heap
|
page read and write
|
||
|
1E386D48000
|
heap
|
page read and write
|
||
|
1E384D11000
|
heap
|
page read and write
|
||
|
5F76BFB000
|
stack
|
page read and write
|
||
|
1E384CDB000
|
heap
|
page read and write
|
||
|
1E386D67000
|
heap
|
page read and write
|
||
|
1E384CCE000
|
heap
|
page read and write
|
||
|
1E386D6A000
|
heap
|
page read and write
|
||
|
1E386D95000
|
heap
|
page read and write
|
||
|
1E386CDD000
|
heap
|
page read and write
|
||
|
1E384CF2000
|
heap
|
page read and write
|
||
|
1E386C12000
|
heap
|
page read and write
|
||
|
1E386D6A000
|
heap
|
page read and write
|
||
|
1E3898C0000
|
heap
|
page read and write
|
||
|
1E384CDB000
|
heap
|
page read and write
|
||
|
1E3895F4000
|
heap
|
page read and write
|
||
|
1E386BFE000
|
heap
|
page read and write
|
||
|
5F767EE000
|
stack
|
page read and write
|
||
|
1E386CC4000
|
heap
|
page read and write
|
||
|
2B1D000
|
heap
|
page read and write
|
||
|
1E384CE1000
|
heap
|
page read and write
|
||
|
1E386BF2000
|
heap
|
page read and write
|
||
|
1E386D1D000
|
heap
|
page read and write
|
||
|
1E386BFE000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
1E386D6A000
|
heap
|
page read and write
|
||
|
117E000
|
stack
|
page read and write
|
||
|
1E386D4D000
|
heap
|
page read and write
|
||
|
2AED000
|
heap
|
page read and write
|
||
|
1E386BFE000
|
heap
|
page read and write
|
||
|
1E386C0D000
|
heap
|
page read and write
|
||
|
1E386BFA000
|
heap
|
page read and write
|
||
|
1E388E10000
|
trusted library allocation
|
page read and write
|
||
|
D3E000
|
stack
|
page read and write
|
||
|
1E386C09000
|
heap
|
page read and write
|
||
|
1E384CFE000
|
heap
|
page read and write
|
||
|
1E386BF5000
|
heap
|
page read and write
|
||
|
1E386BF2000
|
heap
|
page read and write
|
||
|
1E384CCE000
|
heap
|
page read and write
|
||
|
108000
|
heap
|
page read and write
|
||
|
1E386D75000
|
heap
|
page read and write
|
||
|
1E386BF5000
|
heap
|
page read and write
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
1E386D75000
|
heap
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
1E386CFC000
|
heap
|
page read and write
|
||
|
1E386C01000
|
heap
|
page read and write
|
||
|
1E386C04000
|
heap
|
page read and write
|
||
|
1E386D61000
|
heap
|
page read and write
|
||
|
5F76EFB000
|
stack
|
page read and write
|
||
|
1E386BFB000
|
heap
|
page read and write
|
||
|
1E384CDB000
|
heap
|
page read and write
|
||
|
1E386CFC000
|
heap
|
page read and write
|
||
|
2E10000
|
heap
|
page read and write
|
||
|
1E386C04000
|
heap
|
page read and write
|
||
|
1E386D66000
|
heap
|
page read and write
|
||
|
1E386D95000
|
heap
|
page read and write
|
||
|
1E386BF5000
|
heap
|
page read and write
|
||
|
1E386D4D000
|
heap
|
page read and write
|
||
|
1E386C0D000
|
heap
|
page read and write
|
||
|
13F000
|
heap
|
page read and write
|
||
|
1E3897F0000
|
trusted library allocation
|
page read and write
|
||
|
1E384D02000
|
heap
|
page read and write
|
||
|
5F76768000
|
stack
|
page read and write
|
||
|
1E386BF0000
|
heap
|
page read and write
|
||
|
CFD000
|
stack
|
page read and write
|
||
|
1E386C1E000
|
heap
|
page read and write
|
||
|
1E38B622000
|
trusted library allocation
|
page read and write
|
||
|
1E386D3D000
|
heap
|
page read and write
|
||
|
1E386BE8000
|
heap
|
page read and write
|
||
|
2AEA000
|
heap
|
page read and write
|
||
|
1E386C0D000
|
heap
|
page read and write
|
||
|
1E386BFA000
|
heap
|
page read and write
|
||
|
1E386C1C000
|
heap
|
page read and write
|
||
|
1E386D7A000
|
heap
|
page read and write
|
||
|
2DDF000
|
stack
|
page read and write
|
||
|
1E386BFE000
|
heap
|
page read and write
|
||
|
1E386C29000
|
heap
|
page read and write
|
||
|
1E386C12000
|
heap
|
page read and write
|
||
|
1E386C09000
|
heap
|
page read and write
|
||
|
1E386BF5000
|
heap
|
page read and write
|
||
|
DA5000
|
heap
|
page read and write
|
||
|
1E386D95000
|
heap
|
page read and write
|
||
|
1E386C04000
|
heap
|
page read and write
|
||
|
1E384CE1000
|
heap
|
page read and write
|
||
|
1E386D7A000
|
heap
|
page read and write
|
||
|
1E386BD9000
|
heap
|
page read and write
|
||
|
990000
|
trusted library allocation
|
page read and write
|
||
|
1E384CE1000
|
heap
|
page read and write
|
||
|
1E386C24000
|
heap
|
page read and write
|
||
|
1E386C18000
|
heap
|
page read and write
|
||
|
1E386BEA000
|
heap
|
page read and write
|
||
|
1E386D5B000
|
heap
|
page read and write
|
||
|
1E386D0B000
|
heap
|
page read and write
|
||
|
1E386C04000
|
heap
|
page read and write
|
||
|
1E386BE5000
|
heap
|
page read and write
|
||
|
141000
|
heap
|
page read and write
|
||
|
1E386CFC000
|
heap
|
page read and write
|
||
|
1E386BFA000
|
heap
|
page read and write
|
||
|
1E386BEF000
|
heap
|
page read and write
|
||
|
1E386CE8000
|
heap
|
page read and write
|
||
|
5F76B7E000
|
stack
|
page read and write
|
||
|
1E389607000
|
heap
|
page read and write
|
||
|
1E384B70000
|
heap
|
page read and write
|
||
|
1E386C18000
|
heap
|
page read and write
|
||
|
1E386D4D000
|
heap
|
page read and write
|
||
|
1E384CE8000
|
heap
|
page read and write
|
There are 316 hidden memdumps, click here to show them.