Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Xy52lgBlGY.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\katFADF.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\EBAFBGIDHCBF\BKKFHI
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie
0x21, schema 4, UTF-8, version-valid-for 3
|
dropped
|
||
|
C:\ProgramData\EBAFBGIDHCBF\CGDGCF
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie
0x24, schema 4, UTF-8, version-valid-for 2
|
modified
|
||
|
C:\ProgramData\EBAFBGIDHCBF\DAFIEH
|
SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4,
UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\ProgramData\EBAFBGIDHCBF\DGDBAK
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\EBAFBGIDHCBF\FCAAAA
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie
0xe, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\EBAFBGIDHCBF\GHCGDA
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4,
UTF-8, version-valid-for 4
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199686524322[1].htm
|
HTML document, Unicode text, UTF-8 text, with very long lines (2969), with CRLF, LF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlx[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Xy52lgBlGY.exe
|
"C:\Users\user\Desktop\Xy52lgBlGY.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\katFADF.tmp
|
C:\Users\user\AppData\Local\Temp\katFADF.tmp
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://116.202.5.235:9000/BKKFHI-journal
|
unknown
|
|
|
|
https://116.202.5.235:9000/nss3.dllB
|
unknown
|
|
|
|
https://116.202.5.235:9000/mozglue.dllu
|
unknown
|
|
|
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://player.vimeo.com
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
https://116.202.5.235:9000/AX&
|
unknown
|
||
|
https://116.202.5.235:9000/freebl3.dllp
|
unknown
|
||
|
https://steamcommunity.com/?subsection=broadcasts
|
unknown
|
||
|
https://116.202.5.235:9000el
|
unknown
|
||
|
https://116.202.5.235:9000/freebl3.dll)S1
|
unknown
|
||
|
https://116.202.5.235:9000/soft
|
unknown
|
||
|
https://116.202.5.235:9000/Mj
|
unknown
|
||
|
https://116.202.5.235:9000/msvcp140.dll
|
unknown
|
||
|
https://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://www.gstatic.cn/recaptcha/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=L35TrLJDfqtD&l=engl
|
unknown
|
||
|
https://116.202.5.235:9000/softokn3.dlldge
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.s
|
unknown
|
||
|
http://www.valvesoftware.com/legal.htm
|
unknown
|
||
|
https://www.youtube.com
|
unknown
|
||
|
https://116.202.5.235:9000/nss3.dllE
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=6MtR
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199686524322r8p-Mozilla/5.0
|
unknown
|
||
|
https://116.202.5.235:9000/mozglue.dllEdge
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
|
unknown
|
||
|
https://116.202.5.235:90
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
|
unknown
|
||
|
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=SPpMitTYp6ku&l=en
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
|
unknown
|
||
|
https://116.202.5.235:9000/freebl3.dllD
|
unknown
|
||
|
https://s.ytimg.com;
|
unknown
|
||
|
https://116.202.5.235:9000/qX6
|
unknown
|
||
|
https://116.202.5.235:9000/freebl3.dllEdge
|
unknown
|
||
|
https://steam.tv/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
|
unknown
|
||
|
https://116.202.5.235:9000
|
unknown
|
||
|
https://116.202.5.235:9000/msvcp140.dlldge
|
unknown
|
||
|
https://116.202.5.235:9000/QXV
|
unknown
|
||
|
https://steamcommunity.com/login/home/?goto=profiles%2F76561199686524322
|
unknown
|
||
|
http://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://116.202.5.235:9000/sqlx.dll
|
unknown
|
||
|
https://116.202.5.235:9000/ll&
|
unknown
|
||
|
https://116.202.5.235:9000ing
|
unknown
|
||
|
https://store.steampowered.com/points/shop/
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
|
unknown
|
||
|
https://116.202.5.235:9000ibefposoft
|
unknown
|
||
|
https://sketchfab.com
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
https://lv.queniujq.cn
|
unknown
|
||
|
https://116.202.5.235:9000/msvcp140.dllS6:
|
unknown
|
||
|
https://www.youtube.com/
|
unknown
|
||
|
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
|
unknown
|
||
|
https://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://116.202.5.235:9000/softokn3.dll
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
|
unknown
|
||
|
https://116.202.5.235:9000/vcruntime140.dll1a
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
|
unknown
|
||
|
https://www.google.com/recaptcha/
|
unknown
|
||
|
https://checkout.steampowered.com/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
|
unknown
|
||
|
https://116.202.5.235:9000/ANi
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
|
unknown
|
||
|
https://store.steampowered.com/;
|
unknown
|
||
|
https://116.202.5.235:9000/nss3.dllft
|
unknown
|
||
|
https://store.steampowered.com/about/
|
unknown
|
||
|
https://116.202.5.235:9000/4cb4osoft
|
unknown
|
||
|
https://116.202.5.235:9000/vcruntime140.dllUser
|
unknown
|
||
|
https://steamcommunity.com/my/wishlist/
|
unknown
|
||
|
https://t.me/
|
unknown
|
||
|
https://116.202.5.235:9000/vcruntime140.dllser
|
unknown
|
||
|
https://116.202.5.235:9000/i
|
unknown
|
||
|
https://t.me/7
|
unknown
|
||
|
https://web.telegram.org
|
unknown
|
||
|
https://116.202.5.235/0
|
unknown
|
||
|
https://116.202.5.235:9000/msvcp140.dllX6%
|
unknown
|
||
|
https://116.202.5.235/.
|
unknown
|
||
|
https://help.steampowered.com/en/
|
unknown
|
||
|
https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
|
unknown
|
||
|
https://steamcommunity.com/market/
|
unknown
|
||
|
https://store.steampowered.com/news/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=5CgcHEsWGAFt&a
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
http://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
steamcommunity.com
|
104.102.42.29
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
t.me
|
149.154.167.99
|
||
|
198.187.3.20.in-addr.arpa
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.102.42.29
|
steamcommunity.com
|
United States
|
|
|
|
116.202.5.235
|
unknown
|
Germany
|
||
|
149.154.167.99
|
t.me
|
United Kingdom
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
44B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
446000
|
remote allocation
|
page execute and read and write
|
|
|
|
4299000
|
direct allocation
|
page execute and read and write
|
|
|
|
4190000
|
direct allocation
|
page execute and read and write
|
|
|
|
44F0000
|
direct allocation
|
page read and write
|
|
|
|
9BB000
|
heap
|
page read and write
|
||
|
A36000
|
heap
|
page read and write
|
||
|
A1C000
|
heap
|
page read and write
|
||
|
ACD000
|
heap
|
page read and write
|
||
|
9DE000
|
heap
|
page read and write
|
||
|
A47000
|
heap
|
page read and write
|
||
|
A47000
|
heap
|
page read and write
|
||
|
194BD000
|
direct allocation
|
page execute read
|
||
|
ABE000
|
heap
|
page read and write
|
||
|
961000
|
heap
|
page read and write
|
||
|
16B70000
|
remote allocation
|
page read and write
|
||
|
AB1000
|
heap
|
page read and write
|
||
|
95C000
|
heap
|
page read and write
|
||
|
94D000
|
heap
|
page read and write
|
||
|
8CF000
|
heap
|
page read and write
|
||
|
194FF000
|
direct allocation
|
page readonly
|
||
|
990000
|
heap
|
page read and write
|
||
|
AC5000
|
heap
|
page read and write
|
||
|
9B2000
|
heap
|
page read and write
|
||
|
9CD000
|
heap
|
page read and write
|
||
|
9AB000
|
heap
|
page read and write
|
||
|
A0B000
|
heap
|
page read and write
|
||
|
9AB000
|
heap
|
page read and write
|
||
|
ACA000
|
heap
|
page read and write
|
||
|
985000
|
heap
|
page read and write
|
||
|
19416000
|
direct allocation
|
page execute read
|
||
|
24791000
|
heap
|
page read and write
|
||
|
24773000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
8A3000
|
heap
|
page read and write
|
||
|
9AE000
|
heap
|
page read and write
|
||
|
8BE000
|
heap
|
page read and write
|
||
|
98C000
|
heap
|
page read and write
|
||
|
924000
|
heap
|
page read and write
|
||
|
955000
|
heap
|
page read and write
|
||
|
1D91E000
|
stack
|
page read and write
|
||
|
944000
|
heap
|
page read and write
|
||
|
98C000
|
heap
|
page read and write
|
||
|
46E000
|
unkown
|
page readonly
|
||
|
994000
|
heap
|
page read and write
|
||
|
16B70000
|
remote allocation
|
page read and write
|
||
|
8D3000
|
heap
|
page read and write
|
||
|
909000
|
heap
|
page read and write
|
||
|
988000
|
heap
|
page read and write
|
||
|
194F2000
|
direct allocation
|
page read and write
|
||
|
95B000
|
heap
|
page read and write
|
||
|
ACD000
|
heap
|
page read and write
|
||
|
91F000
|
heap
|
page read and write
|
||
|
1914C000
|
stack
|
page read and write
|
||
|
992000
|
heap
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
98E000
|
heap
|
page read and write
|
||
|
95B000
|
heap
|
page read and write
|
||
|
942000
|
heap
|
page read and write
|
||
|
8FC000
|
heap
|
page read and write
|
||
|
905000
|
heap
|
page read and write
|
||
|
8C6000
|
heap
|
page read and write
|
||
|
B48F000
|
stack
|
page read and write
|
||
|
996000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
915000
|
heap
|
page read and write
|
||
|
9A5000
|
heap
|
page read and write
|
||
|
8EA000
|
heap
|
page read and write
|
||
|
985000
|
heap
|
page read and write
|
||
|
4B4000
|
unkown
|
page readonly
|
||
|
98C000
|
heap
|
page read and write
|
||
|
8F6000
|
heap
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
2260000
|
direct allocation
|
page execute and read and write
|
||
|
194FA000
|
direct allocation
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
8C6000
|
heap
|
page read and write
|
||
|
988000
|
heap
|
page read and write
|
||
|
466000
|
unkown
|
page write copy
|
||
|
19C000
|
stack
|
page read and write
|
||
|
75E000
|
stack
|
page read and write
|
||
|
9BA000
|
heap
|
page read and write
|
||
|
9A5000
|
heap
|
page read and write
|
||
|
945000
|
heap
|
page read and write
|
||
|
16BAE000
|
stack
|
page read and write
|
||
|
953000
|
heap
|
page read and write
|
||
|
9BB000
|
heap
|
page read and write
|
||
|
AB4000
|
heap
|
page read and write
|
||
|
89B000
|
heap
|
page read and write
|
||
|
AB2000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
8D7000
|
heap
|
page read and write
|
||
|
2304000
|
direct allocation
|
page read and write
|
||
|
FDCE000
|
stack
|
page read and write
|
||
|
8DC000
|
heap
|
page read and write
|
||
|
9A3000
|
heap
|
page read and write
|
||
|
8E3000
|
heap
|
page read and write
|
||
|
586000
|
remote allocation
|
page execute and read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
ABE000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
16B70000
|
remote allocation
|
page read and write
|
||
|
466000
|
unkown
|
page read and write
|
||
|
19004000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
9CB000
|
heap
|
page read and write
|
||
|
991000
|
heap
|
page read and write
|
||
|
221DC000
|
stack
|
page read and write
|
||
|
192B8000
|
direct allocation
|
page execute read
|
||
|
ABE000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
AB7000
|
heap
|
page read and write
|
||
|
194C8000
|
direct allocation
|
page readonly
|
||
|
940000
|
heap
|
page read and write
|
||
|
1D95E000
|
stack
|
page read and write
|
||
|
AB7000
|
heap
|
page read and write
|
||
|
925000
|
heap
|
page read and write
|
||
|
9A5000
|
heap
|
page read and write
|
||
|
ACD000
|
heap
|
page read and write
|
||
|
9CA000
|
heap
|
page read and write
|
||
|
D94E000
|
stack
|
page read and write
|
||
|
19171000
|
heap
|
page read and write
|
||
|
98E000
|
heap
|
page read and write
|
||
|
8F1000
|
heap
|
page read and write
|
||
|
22F0000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
42E000
|
remote allocation
|
page execute and read and write
|
||
|
9BB000
|
heap
|
page read and write
|
||
|
AC3000
|
heap
|
page read and write
|
||
|
9B9000
|
heap
|
page read and write
|
||
|
9BB000
|
heap
|
page read and write
|
||
|
98C000
|
heap
|
page read and write
|
||
|
8A8000
|
heap
|
page read and write
|
||
|
941000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
A47000
|
heap
|
page read and write
|
||
|
8F6000
|
heap
|
page read and write
|
||
|
9CA000
|
heap
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
993000
|
heap
|
page read and write
|
||
|
523000
|
remote allocation
|
page execute and read and write
|
||
|
9C3000
|
heap
|
page read and write
|
||
|
192B0000
|
direct allocation
|
page execute and read and write
|
||
|
ABA000
|
heap
|
page read and write
|
||
|
9AB000
|
heap
|
page read and write
|
||
|
998000
|
heap
|
page read and write
|
||
|
952000
|
heap
|
page read and write
|
||
|
9A1000
|
heap
|
page read and write
|
||
|
8EF000
|
heap
|
page read and write
|
||
|
9C3000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
567000
|
remote allocation
|
page execute and read and write
|
||
|
90E000
|
heap
|
page read and write
|
||
|
ACB000
|
heap
|
page read and write
|
||
|
AB1000
|
heap
|
page read and write
|
||
|
905000
|
heap
|
page read and write
|
||
|
8DC000
|
heap
|
page read and write
|
||
|
951000
|
heap
|
page read and write
|
||
|
996000
|
heap
|
page read and write
|
||
|
ACD000
|
heap
|
page read and write
|
||
|
91F000
|
heap
|
page read and write
|
||
|
91F000
|
heap
|
page read and write
|
||
|
A75000
|
heap
|
page read and write
|
||
|
8FF000
|
heap
|
page read and write
|
||
|
9BC000
|
heap
|
page read and write
|
||
|
91F000
|
heap
|
page read and write
|
||
|
ABE000
|
heap
|
page read and write
|
||
|
891000
|
heap
|
page read and write
|
||
|
A0A000
|
heap
|
page read and write
|
||
|
19170000
|
heap
|
page read and write
|
||
|
8DE000
|
heap
|
page read and write
|
||
|
AB1000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
9B1000
|
heap
|
page read and write
|
||
|
422000
|
remote allocation
|
page execute and read and write
|
||
|
ABC000
|
heap
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
90E000
|
heap
|
page read and write
|
||
|
A8E000
|
heap
|
page read and write
|
||
|
8EF000
|
heap
|
page read and write
|
||
|
89B000
|
heap
|
page read and write
|
||
|
192A0000
|
heap
|
page read and write
|
||
|
95F000
|
heap
|
page read and write
|
||
|
AC3000
|
heap
|
page read and write
|
||
|
953000
|
heap
|
page read and write
|
||
|
ABA000
|
heap
|
page read and write
|
||
|
927000
|
heap
|
page read and write
|
||
|
9F9000
|
heap
|
page read and write
|
||
|
AC3000
|
heap
|
page read and write
|
||
|
8F9000
|
heap
|
page read and write
|
||
|
ABC000
|
heap
|
page read and write
|
||
|
7BE000
|
heap
|
page read and write
|
||
|
ABB000
|
heap
|
page read and write
|
||
|
951000
|
heap
|
page read and write
|
||
|
9A2000
|
heap
|
page read and write
|
||
|
90E000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
94C000
|
heap
|
page read and write
|
||
|
55E000
|
remote allocation
|
page execute and read and write
|
||
|
24633000
|
heap
|
page read and write
|
||
|
D90F000
|
stack
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
9CD000
|
heap
|
page read and write
|
||
|
95F000
|
heap
|
page read and write
|
||
|
A49000
|
heap
|
page read and write
|
||
|
914000
|
heap
|
page read and write
|
||
|
ACD000
|
heap
|
page read and write
|
||
|
9BB000
|
heap
|
page read and write
|
||
|
957000
|
heap
|
page read and write
|
||
|
8F8000
|
heap
|
page read and write
|
||
|
90A000
|
heap
|
page read and write
|
||
|
A43000
|
heap
|
page read and write
|
||
|
62E000
|
remote allocation
|
page execute and read and write
|
||
|
AC5000
|
heap
|
page read and write
|
||
|
995000
|
heap
|
page read and write
|
||
|
AC3000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
996000
|
heap
|
page read and write
|
||
|
8F1000
|
heap
|
page read and write
|
||
|
8B7000
|
heap
|
page read and write
|
||
|
AB1000
|
heap
|
page read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
98C000
|
heap
|
page read and write
|
||
|
9C3000
|
heap
|
page read and write
|
||
|
8B7000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
909000
|
heap
|
page read and write
|
||
|
9AE000
|
heap
|
page read and write
|
||
|
9AF000
|
stack
|
page read and write
|
||
|
ABA000
|
heap
|
page read and write
|
||
|
AB3000
|
heap
|
page read and write
|
||
|
9A6000
|
heap
|
page read and write
|
||
|
99E000
|
heap
|
page read and write
|
||
|
AB2000
|
heap
|
page read and write
|
||
|
9AE000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
883000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
905000
|
heap
|
page read and write
|
||
|
24838000
|
heap
|
page read and write
|
||
|
A85000
|
heap
|
page read and write
|
||
|
9BB000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
98C000
|
heap
|
page read and write
|
||
|
19178000
|
heap
|
page read and write
|
||
|
95F000
|
heap
|
page read and write
|
||
|
98C000
|
heap
|
page read and write
|
||
|
8E8000
|
heap
|
page read and write
|
||
|
16B0D000
|
stack
|
page read and write
|
||
|
2483A000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
A8E000
|
heap
|
page read and write
|
||
|
9FA000
|
heap
|
page read and write
|
||
|
9CA000
|
heap
|
page read and write
|
||
|
904E000
|
stack
|
page read and write
|
||
|
A47000
|
heap
|
page read and write
|
||
|
192B0000
|
trusted library allocation
|
page read and write
|
||
|
95F000
|
heap
|
page read and write
|
||
|
194000
|
stack
|
page read and write
|
||
|
ACA000
|
heap
|
page read and write
|
||
|
8A1000
|
heap
|
page read and write
|
||
|
989000
|
heap
|
page read and write
|
||
|
99A000
|
heap
|
page read and write
|
||
|
2300000
|
direct allocation
|
page read and write
|
||
|
9C3000
|
heap
|
page read and write
|
||
|
AB2000
|
heap
|
page read and write
|
||
|
95C000
|
heap
|
page read and write
|
||
|
9C9000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
8F6000
|
heap
|
page read and write
|
||
|
93A000
|
heap
|
page read and write
|
||
|
961000
|
heap
|
page read and write
|
||
|
7DE000
|
heap
|
page read and write
|
||
|
8C6000
|
heap
|
page read and write
|
||
|
19E000
|
stack
|
page read and write
|
||
|
951000
|
heap
|
page read and write
|
||
|
9BB000
|
heap
|
page read and write
|
||
|
993000
|
heap
|
page read and write
|
||
|
997000
|
heap
|
page read and write
|
||
|
1B4DE000
|
stack
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
993000
|
heap
|
page read and write
|
||
|
ABA000
|
heap
|
page read and write
|
||
|
9C3000
|
heap
|
page read and write
|
||
|
9AE000
|
heap
|
page read and write
|
||
|
9AE000
|
heap
|
page read and write
|
||
|
7B7000
|
heap
|
page read and write
|
||
|
9B8000
|
heap
|
page read and write
|
||
|
63F000
|
remote allocation
|
page execute and read and write
|
||
|
985000
|
heap
|
page read and write
|
||
|
9A3000
|
heap
|
page read and write
|
||
|
985000
|
heap
|
page read and write
|
||
|
1951F000
|
heap
|
page read and write
|
||
|
18FEF000
|
stack
|
page read and write
|
||
|
8E2000
|
heap
|
page read and write
|
||
|
7DD000
|
heap
|
page read and write
|
||
|
ACD000
|
heap
|
page read and write
|
||
|
22A0000
|
heap
|
page read and write
|
||
|
8EB000
|
heap
|
page read and write
|
||
|
AC3000
|
heap
|
page read and write
|
||
|
469000
|
unkown
|
page write copy
|
||
|
A0A000
|
heap
|
page read and write
|
||
|
8D7000
|
heap
|
page read and write
|
||
|
7B9000
|
heap
|
page read and write
|
||
|
AC3000
|
heap
|
page read and write
|
||
|
988000
|
heap
|
page read and write
|
||
|
8EB000
|
heap
|
page read and write
|
||
|
146CE000
|
stack
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
923000
|
heap
|
page read and write
|
||
|
9CB000
|
heap
|
page read and write
|
||
|
76B0000
|
heap
|
page read and write
|
||
|
95B000
|
heap
|
page read and write
|
||
|
194BF000
|
direct allocation
|
page readonly
|
||
|
ACD000
|
heap
|
page read and write
|
||
|
FD8F000
|
stack
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
985000
|
heap
|
page read and write
|
||
|
ACD000
|
heap
|
page read and write
|
||
|
9AE000
|
heap
|
page read and write
|
||
|
9BB000
|
heap
|
page read and write
|
||
|
988000
|
heap
|
page read and write
|
||
|
94C000
|
heap
|
page read and write
|
||
|
9BB000
|
heap
|
page read and write
|
||
|
985000
|
heap
|
page read and write
|
||
|
954000
|
heap
|
page read and write
|
||
|
9B2000
|
heap
|
page read and write
|
||
|
ABA000
|
heap
|
page read and write
|
||
|
A36000
|
heap
|
page read and write
|
||
|
9A3000
|
heap
|
page read and write
|
||
|
9AB000
|
heap
|
page read and write
|
||
|
2480000
|
heap
|
page read and write
|
||
|
907000
|
heap
|
page read and write
|
||
|
2250000
|
heap
|
page read and write
|
||
|
95F000
|
heap
|
page read and write
|
||
|
914000
|
heap
|
page read and write
|
||
|
ACB000
|
heap
|
page read and write
|
||
|
9CA000
|
heap
|
page read and write
|
||
|
2462C000
|
heap
|
page read and write
|
||
|
9BB000
|
heap
|
page read and write
|
||
|
ABE000
|
heap
|
page read and write
|
||
|
944000
|
heap
|
page read and write
|
||
|
194FD000
|
direct allocation
|
page readonly
|
||
|
76B5000
|
heap
|
page read and write
|
||
|
561000
|
remote allocation
|
page execute and read and write
|
||
|
9B5000
|
heap
|
page read and write
|
||
|
9CB000
|
heap
|
page read and write
|
||
|
83A000
|
heap
|
page read and write
|
||
|
9C3000
|
heap
|
page read and write
|
||
|
2483000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
985000
|
heap
|
page read and write
|
||
|
76BE000
|
heap
|
page read and write
|
||
|
995000
|
heap
|
page read and write
|
||
|
985000
|
heap
|
page read and write
|
||
|
79E000
|
stack
|
page read and write
|
||
|
8EB000
|
heap
|
page read and write
|
||
|
93B000
|
heap
|
page read and write
|
||
|
1FD9E000
|
stack
|
page read and write
|
||
|
9A1000
|
heap
|
page read and write
|
||
|
913000
|
heap
|
page read and write
|
||
|
1468D000
|
stack
|
page read and write
|
||
|
98F000
|
heap
|
page read and write
|
||
|
8CF000
|
heap
|
page read and write
|
||
|
4AC000
|
unkown
|
page write copy
|
||
|
A37000
|
heap
|
page read and write
|
||
|
992000
|
heap
|
page read and write
|
||
|
A85000
|
heap
|
page read and write
|
||
|
AAF000
|
stack
|
page read and write
|
||
|
9A1000
|
heap
|
page read and write
|
||
|
AB2000
|
heap
|
page read and write
|
||
|
9C6000
|
heap
|
page read and write
|
||
|
9CA000
|
heap
|
page read and write
|
||
|
4020000
|
direct allocation
|
page execute and read and write
|
||
|
5A5000
|
remote allocation
|
page execute and read and write
|
||
|
19000000
|
heap
|
page read and write
|
||
|
1220F000
|
stack
|
page read and write
|
||
|
8F9000
|
heap
|
page read and write
|
||
|
9A4000
|
heap
|
page read and write
|
||
|
88B000
|
heap
|
page read and write
|
||
|
94F000
|
heap
|
page read and write
|
||
|
8E4000
|
heap
|
page read and write
|
||
|
9BA000
|
heap
|
page read and write
|
||
|
83E000
|
heap
|
page read and write
|
||
|
B4CE000
|
stack
|
page read and write
|
||
|
A8E000
|
heap
|
page read and write
|
||
|
961000
|
heap
|
page read and write
|
||
|
9AB000
|
heap
|
page read and write
|
||
|
8C4000
|
heap
|
page read and write
|
||
|
1224E000
|
stack
|
page read and write
|
||
|
9A1000
|
heap
|
page read and write
|
||
|
7B5000
|
heap
|
page read and write
|
||
|
ABA000
|
heap
|
page read and write
|
||
|
8FE000
|
heap
|
page read and write
|
||
|
AB7000
|
heap
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
95B000
|
heap
|
page read and write
|
||
|
913000
|
heap
|
page read and write
|
||
|
95B000
|
heap
|
page read and write
|
||
|
A48000
|
heap
|
page read and write
|
||
|
A47000
|
heap
|
page read and write
|
||
|
9C3000
|
heap
|
page read and write
|
||
|
955000
|
heap
|
page read and write
|
||
|
ABE000
|
heap
|
page read and write
|
||
|
AB2000
|
heap
|
page read and write
|
||
|
A36000
|
heap
|
page read and write
|
||
|
8F8000
|
heap
|
page read and write
|
||
|
9F9000
|
heap
|
page read and write
|
||
|
9C3000
|
heap
|
page read and write
|
||
|
ABE000
|
heap
|
page read and write
|
||
|
ABA000
|
heap
|
page read and write
|
||
|
913000
|
heap
|
page read and write
|
||
|
8DD000
|
heap
|
page read and write
|
||
|
993000
|
heap
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
94F000
|
heap
|
page read and write
|
||
|
AC3000
|
heap
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
934000
|
heap
|
page read and write
|
||
|
8A7000
|
heap
|
page read and write
|
||
|
9A5000
|
heap
|
page read and write
|
||
|
944000
|
heap
|
page read and write
|
||
|
9CE000
|
heap
|
page read and write
|
||
|
8D8000
|
heap
|
page read and write
|
||
|
9AE000
|
heap
|
page read and write
|
||
|
8F6000
|
heap
|
page read and write
|
||
|
99D000
|
heap
|
page read and write
|
||
|
192B1000
|
direct allocation
|
page execute read
|
||
|
8E6000
|
heap
|
page read and write
|
||
|
AB3000
|
heap
|
page read and write
|
||
|
8CC000
|
heap
|
page read and write
|
||
|
A3C000
|
heap
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
9AE000
|
heap
|
page read and write
|
||
|
8BF000
|
heap
|
page read and write
|
||
|
9B2000
|
heap
|
page read and write
|
||
|
7D6000
|
heap
|
page read and write
|
||
|
9C3000
|
heap
|
page read and write
|
||
|
924000
|
heap
|
page read and write
|
||
|
895000
|
heap
|
page read and write
|
||
|
905000
|
heap
|
page read and write
|
||
|
9AE000
|
heap
|
page read and write
|
||
|
961000
|
heap
|
page read and write
|
||
|
ABF000
|
heap
|
page read and write
|
||
|
9C5000
|
heap
|
page read and write
|
||
|
9BB000
|
heap
|
page read and write
|
||
|
941000
|
heap
|
page read and write
|
||
|
4AF000
|
unkown
|
page write copy
|
||
|
989000
|
heap
|
page read and write
|
||
|
9A1000
|
heap
|
page read and write
|
||
|
98E000
|
heap
|
page read and write
|
||
|
908000
|
heap
|
page read and write
|
||
|
91F000
|
heap
|
page read and write
|
||
|
9A3000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
9AB000
|
heap
|
page read and write
|
There are 450 hidden memdumps, click here to show them.