Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\BGCBGCAF
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie
0x21, schema 4, UTF-8, version-valid-for 3
|
dropped
|
||
|
C:\ProgramData\BGHJJDGHCBGDHIECBGID
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\BKJKJEHJ
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie
0x24, schema 4, UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\ProgramData\CAKKKJEHDBGIDHJKJDBFIIEBGC
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8,
version-valid-for 11
|
dropped
|
||
|
C:\ProgramData\GIJDAFBK
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4,
UTF-8, version-valid-for 4
|
dropped
|
||
|
C:\ProgramData\HIEBAKEHDHCAKEBFBKEG
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie
0xe, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\JDGCGHCG
|
SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4,
UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\ProgramData\KFBFCAFCBKFI\freebl3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\KFBFCAFCBKFI\mozglue.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\KFBFCAFCBKFI\msvcp140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\KFBFCAFCBKFI\nss3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\KFBFCAFCBKFI\softokn3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\KFBFCAFCBKFI\vcruntime140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199680449169[1].htm
|
HTML document, Unicode text, UTF-8 text, with very long lines (2969), with CRLF, LF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlx[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
Chrome Cache Entry: 70
|
ASCII text, with very long lines (3935)
|
downloaded
|
There are 13 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://796299082092352771018332050787432950295397740/
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2020,i,13904423073980638453,1715731274265844286,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1960,i,9720651213267638284,544210953920903557,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2020,i,13904423073980638453,1715731274265844286,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\KFBFCAFCBKFI" & exit
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\timeout.exe
|
timeout /t 10
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://95.217.242.142/msvcp140.dll
|
95.217.242.142
|
||
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
https://95.217.242.142/vcruntime140.dll
|
95.217.242.142
|
||
|
https://steamcommunity.com/?subsection=broadcasts
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=EyWBqDQS-6jg&a
|
unknown
|
||
|
https://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://95.217.242.142/mozglue.dll
|
95.217.242.142
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=L35TrLJDfqtD&l=engl
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199680449169
|
23.210.138.105
|
||
|
http://www.valvesoftware.com/legal.htm
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
|
unknown
|
||
|
https://95.217.242.142/
|
95.217.242.142
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtT5aGM_-v7EGIjCEhPLSBTrZPAY39cVYHNd6_L3Rxj8WO6tEohgLxJlwyjn4Ct7LVz-jrTx9H46727MyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
142.250.191.164
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17e
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
|
unknown
|
||
|
https://95.217.242.142
|
unknown
|
||
|
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english
|
unknown
|
||
|
https://95.217.242.142HJE
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=SPpMitTYp6ku&l=en
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
|
unknown
|
||
|
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
|
142.250.191.164
|
||
|
https://steamcommunity.com/profiles/76561199680449169jQ
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=1_BxDGVvfXwv&am
|
unknown
|
||
|
https://95.217.242.142/msvcp140.dll/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=c4UneKQJ
|
unknown
|
||
|
http://www.mozilla.com/en-US/blocklist/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=3gW5J8_jG_Yc&l=e
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
|
unknown
|
||
|
https://mozilla.org0/
|
unknown
|
||
|
https://support.mic.BF
|
unknown
|
||
|
http://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://store.steampowered.com/points/shop/
|
unknown
|
||
|
https://95.217.242.142/mozglue.dll;
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
https://95.217.242.14217d99a9f0nt-Disposition:
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199680449169/badges
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
|
unknown
|
||
|
https://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://support.office.c
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
|
unknown
|
||
|
https://95.217.242.142/msvcp140.dlly
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
|
unknown
|
||
|
https://store.steampowered.com/about/
|
unknown
|
||
|
https://steamcommunity.com/my/wishlist/
|
unknown
|
||
|
https://help.steampowered.com/en/
|
unknown
|
||
|
https://steamcommunity.com/market/
|
unknown
|
||
|
https://store.steampowered.com/news/
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
http://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://steamcommunity.com/login/home/?goto=profiles%2F76561199680449169
|
unknown
|
||
|
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
|
unknown
|
||
|
https://steamcommunity.com/discussions/
|
unknown
|
||
|
https://t.me/r1g1o
|
unknown
|
||
|
https://store.steampowered.com/stats/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=98m_
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
|
unknown
|
||
|
https://store.steampowered.com/steam_refunds/
|
unknown
|
||
|
https://95.217.242.142/sqlx.dll
|
95.217.242.142
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
https://95.217.242.142/freebl3.dll7
|
unknown
|
||
|
https://steamcommunity.com/workshop/
|
unknown
|
||
|
https://store.steampowered.com/legal/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
|
unknown
|
||
|
http://www.sqlite.org/copyright.html.
|
unknown
|
||
|
https://95.217.242.142/vcruntime140.dllp
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
|
unknown
|
||
|
https://95.217.242.142/freebl3.dll
|
95.217.242.142
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
|
unknown
|
||
|
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
|
unknown
|
||
|
https://95.217.242.142/softokn3.dll
|
95.217.242.142
|
||
|
https://www.google.com/async/newtab_promos
|
142.250.191.164
|
||
|
https://store.steampowered.com/
|
unknown
|
||
|
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtT5aGM_-v7EGIjC59ZRJ1dYmOVgs9zYixs7a6VS3cYG9RFenPtHDW-sQCDxbcp_6fD5d67UVJ_1caB4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
|
142.250.191.164
|
||
|
https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe
|
unknown
|
||
|
https://95.217.242.142/nss3.dll
|
95.217.242.142
|
||
|
https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199680449169/inventory/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh
|
unknown
|
||
|
https://ac.ecosia.org/autocomplete?q=
|
unknown
|
||
|
https://www.google.com/async/ddljson?async=ntp:2
|
142.250.191.164
|
||
|
https://95.217.242.142/softokn3.dlli
|
unknown
|
||
|
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
|
142.250.191.164
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
steamcommunity.com
|
23.210.138.105
|
||
|
www.google.com
|
142.250.191.164
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
23.210.138.105
|
steamcommunity.com
|
United States
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
192.168.2.6
|
unknown
|
unknown
|
||
|
95.217.242.142
|
unknown
|
Germany
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.250.191.164
|
www.google.com
|
United States
|
||
|
142.250.191.196
|
unknown
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
FB5000
|
heap
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
A29000
|
unkown
|
page read and write
|
|
|
|
F6E000
|
stack
|
page read and write
|
||
|
3207000
|
heap
|
page read and write
|
||
|
9A3E000
|
stack
|
page read and write
|
||
|
19A8B000
|
heap
|
page read and write
|
||
|
F2E000
|
stack
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
D3C000
|
stack
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
513000
|
remote allocation
|
page execute and read and write
|
||
|
713E000
|
stack
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
FA3000
|
heap
|
page read and write
|
||
|
19CFB000
|
stack
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
1358C000
|
stack
|
page read and write
|
||
|
ECE000
|
stack
|
page read and write
|
||
|
E91E000
|
stack
|
page read and write
|
||
|
63C000
|
remote allocation
|
page execute and read and write
|
||
|
5F4000
|
remote allocation
|
page execute and read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
D2F000
|
stack
|
page read and write
|
||
|
4C5E000
|
stack
|
page read and write
|
||
|
E7F8000
|
heap
|
page read and write
|
||
|
2F3C000
|
stack
|
page read and write
|
||
|
19820000
|
direct allocation
|
page execute and read and write
|
||
|
13AC9000
|
heap
|
page read and write
|
||
|
19A2D000
|
direct allocation
|
page execute read
|
||
|
D65000
|
heap
|
page read and write
|
||
|
E7E0000
|
heap
|
page read and write
|
||
|
1085000
|
heap
|
page read and write
|
||
|
A5C000
|
unkown
|
page readonly
|
||
|
19828000
|
direct allocation
|
page execute read
|
||
|
137B4000
|
heap
|
page read and write
|
||
|
19A6D000
|
direct allocation
|
page readonly
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
E7BF000
|
stack
|
page read and write
|
||
|
10FA000
|
heap
|
page read and write
|
||
|
4DF0000
|
heap
|
page read and write
|
||
|
13AC7000
|
heap
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
1108000
|
heap
|
page read and write
|
||
|
3450000
|
heap
|
page read and write
|
||
|
108F000
|
stack
|
page read and write
|
||
|
12EF000
|
stack
|
page read and write
|
||
|
F68000
|
heap
|
page read and write
|
||
|
19A6F000
|
direct allocation
|
page readonly
|
||
|
435000
|
remote allocation
|
page execute and read and write
|
||
|
431000
|
remote allocation
|
page execute and read and write
|
||
|
1034000
|
heap
|
page read and write
|
||
|
1342F000
|
stack
|
page read and write
|
||
|
EF5000
|
heap
|
page read and write
|
||
|
19A38000
|
direct allocation
|
page readonly
|
||
|
D3E000
|
stack
|
page read and write
|
||
|
D33000
|
stack
|
page read and write
|
||
|
E6BE000
|
stack
|
page read and write
|
||
|
E63D000
|
stack
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
ABD000
|
stack
|
page read and write
|
||
|
13A02000
|
heap
|
page read and write
|
||
|
13820000
|
heap
|
page read and write
|
||
|
A1F000
|
unkown
|
page readonly
|
||
|
344F000
|
stack
|
page read and write
|
||
|
C0BC000
|
stack
|
page read and write
|
||
|
9B7D000
|
stack
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
13A20000
|
heap
|
page read and write
|
||
|
A1F000
|
unkown
|
page readonly
|
||
|
11AC000
|
heap
|
page read and write
|
||
|
A5C000
|
unkown
|
page readonly
|
||
|
51C000
|
remote allocation
|
page execute and read and write
|
||
|
E83A000
|
heap
|
page read and write
|
||
|
A00000
|
unkown
|
page readonly
|
||
|
C0FD000
|
stack
|
page read and write
|
||
|
A00000
|
unkown
|
page readonly
|
||
|
10E5D000
|
stack
|
page read and write
|
||
|
10A1000
|
heap
|
page read and write
|
||
|
F2A000
|
heap
|
page read and write
|
||
|
4C9F000
|
stack
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
BBD000
|
stack
|
page read and write
|
||
|
516000
|
remote allocation
|
page execute and read and write
|
||
|
A01000
|
unkown
|
page execute read
|
||
|
19A62000
|
direct allocation
|
page read and write
|
||
|
10EEE000
|
stack
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
2F7C000
|
stack
|
page read and write
|
||
|
A01000
|
unkown
|
page execute read
|
||
|
340E000
|
stack
|
page read and write
|
||
|
A2B000
|
unkown
|
page write copy
|
||
|
717E000
|
stack
|
page read and write
|
||
|
137B0000
|
heap
|
page read and write
|
||
|
C3C000
|
stack
|
page read and write
|
||
|
19D4B000
|
stack
|
page read and write
|
||
|
10FE000
|
heap
|
page read and write
|
||
|
9B3F000
|
stack
|
page read and write
|
||
|
19986000
|
direct allocation
|
page execute read
|
||
|
A29000
|
unkown
|
page write copy
|
||
|
137B6000
|
heap
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
55A000
|
remote allocation
|
page execute and read and write
|
||
|
137B8000
|
heap
|
page read and write
|
||
|
19F9B000
|
stack
|
page read and write
|
||
|
138C2000
|
heap
|
page read and write
|
||
|
19A2F000
|
direct allocation
|
page readonly
|
||
|
19821000
|
direct allocation
|
page execute read
|
||
|
1A09C000
|
stack
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
13832000
|
heap
|
page read and write
|
||
|
121A000
|
heap
|
page read and write
|
||
|
96BF000
|
stack
|
page read and write
|
||
|
138BB000
|
heap
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
F85000
|
heap
|
page read and write
|
||
|
19A6A000
|
direct allocation
|
page readonly
|
||
|
1348C000
|
stack
|
page read and write
|
||
|
A5A000
|
unkown
|
page execute and read and write
|
||
|
136A0000
|
heap
|
page read and write
|
||
|
D2B000
|
stack
|
page read and write
|
There are 113 hidden memdumps, click here to show them.