Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
ceFgl3jkkk.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
C:\Users\user\AppData\Local\Temp\_MEI8242\VCRUNTIME140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\_MEI8242\_asyncio.pyd
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\_MEI8242\_bz2.pyd
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\_MEI8242\_ctypes.pyd
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\_MEI8242\_decimal.pyd
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\_MEI8242\_hashlib.pyd
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\_MEI8242\_lzma.pyd
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\_MEI8242\_multiprocessing.pyd
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\_MEI8242\_overlapped.pyd
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\_MEI8242\_queue.pyd
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\_MEI8242\_socket.pyd
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\_MEI8242\_ssl.pyd
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\_MEI8242\_uuid.pyd
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\_MEI8242\base_library.zip
|
Zip archive data, at least v2.0 to extract, compression method=store
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\_MEI8242\libcrypto-1_1.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\_MEI8242\libffi-7.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\_MEI8242\libssl-1_1.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\_MEI8242\pyexpat.pyd
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\_MEI8242\python39.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\_MEI8242\select.pyd
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\_MEI8242\unicodedata.pyd
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
There are 12 hidden files, click here to show them.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Users\user\Desktop\ceFgl3jkkk.exe
|
"C:\Users\user\Desktop\ceFgl3jkkk.exe"
|
||
C:\Users\user\Desktop\ceFgl3jkkk.exe
|
"C:\Users\user\Desktop\ceFgl3jkkk.exe"
|
||
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
|
C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\ngentask.exe
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
droppyrelivei.cfd
|
|||
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
|
unknown
|
||
https://steamcommunity.com/profiles/76561199724331900
|
104.102.49.254
|
||
https://www.ntcore.com/files/richsign.htm
|
unknown
|
||
https://auscitte.github.io/systems%20blog/Exception-Directory-pefile#implementation-details
|
unknown
|
||
https://www.python.org/download/releases/2.3/mro/.
|
unknown
|
||
http://ocsp.thawte.com0
|
unknown
|
||
http://store.steampowered.com/privacy_agreement/
|
unknown
|
||
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
|
unknown
|
||
resinedyw.sbs
|
|||
enlargkiw.sbs
|
|||
https://community.fastly.steamstatic.co
|
unknown
|
||
https://marshal-zhukov.com/api)
|
unknown
|
||
https://www.python.org/dev/peps/pep-0205/
|
unknown
|
||
allocatinow.sbs
|
|||
http://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
https://python.org/dev/peps/pep-0263/
|
unknown
|
||
drawwyobstacw.sbs
|
|||
vennurviot.sbs
|
|||
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
|
unknown
|
||
http://crl3.digi
|
unknown
|
||
https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?
|
unknown
|
||
ehticsprocw.sbs
|
|||
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
|
unknown
|
||
https://marshal-zhukov.com/apis
|
unknown
|
||
https://community.fastly.steamstatic.com/public/im
|
unknown
|
||
mathcucom.sbs
|
|||
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=id
|
unknown
|
||
https://www.openssl.org/H
|
unknown
|
||
https://marshal-zhukov.com/
|
unknown
|
||
https://community.fastly.steamstati
|
unknown
|
||
condifendteu.sbs
|
|||
http://store.steampowered.com/account/cookiepreferences/
|
unknown
|
||
https://marshal-zhukov.com/api
|
188.114.97.3
|
||
http://crl4.digice
|
unknown
|
||
https://www.mandiant.com/resources/blog/tracking-malware-import-hashing
|
unknown
|
||
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
|
unknown
|
||
https://store.steampowered.com/legal/
|
unknown
|
There are 29 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
droppyrelivei.cfd
|
unknown
|
||
condifendteu.sbs
|
unknown
|
||
allocatinow.sbs
|
unknown
|
||
vennurviot.sbs
|
unknown
|
||
drawwyobstacw.sbs
|
unknown
|
||
mathcucom.sbs
|
unknown
|
||
ehticsprocw.sbs
|
unknown
|
||
resinedyw.sbs
|
unknown
|
||
enlargkiw.sbs
|
unknown
|
||
steamcommunity.com
|
104.102.49.254
|
||
s-part-0017.t-0009.t-msedge.net
|
13.107.246.45
|
||
marshal-zhukov.com
|
188.114.97.3
|
There are 2 hidden domains, click here to show them.
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
188.114.97.3
|
marshal-zhukov.com
|
European Union
|
||
104.102.49.254
|
steamcommunity.com
|
United States
|
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
9C8B000
|
heap
|
page read and write
|
||
DFE000
|
heap
|
page read and write
|
||
9D82000
|
heap
|
page read and write
|
||
334D000
|
heap
|
page read and write
|
||
D3D000
|
heap
|
page read and write
|
||
D52000
|
heap
|
page read and write
|
||
D5C000
|
heap
|
page read and write
|
||
D28000
|
heap
|
page read and write
|
||
D84000
|
heap
|
page read and write
|
||
D8C000
|
heap
|
page read and write
|
||
12BE000
|
stack
|
page read and write
|
||
342E000
|
stack
|
page read and write
|
||
32E3000
|
heap
|
page read and write
|
||
F90000
|
unkown
|
page readonly
|
||
F51000
|
unkown
|
page execute read
|
||
C45000
|
heap
|
page read and write
|
||
D78000
|
heap
|
page read and write
|
||
DE9000
|
heap
|
page read and write
|
||
DDD000
|
heap
|
page read and write
|
||
D90000
|
heap
|
page read and write
|
||
32B9000
|
heap
|
page read and write
|
||
D98000
|
heap
|
page read and write
|
||
A330000
|
direct allocation
|
page read and write
|
||
D64000
|
heap
|
page read and write
|
||
D7B000
|
heap
|
page read and write
|
||
DB5000
|
heap
|
page read and write
|
||
DE0000
|
heap
|
page read and write
|
||
3EB5000
|
heap
|
page read and write
|
||
D82000
|
heap
|
page read and write
|
||
DDF000
|
heap
|
page read and write
|
||
66C000
|
stack
|
page read and write
|
||
9C0D000
|
heap
|
page read and write
|
||
2CDD000
|
stack
|
page read and write
|
||
32D6000
|
heap
|
page read and write
|
||
DDC000
|
heap
|
page read and write
|
||
A3B0000
|
direct allocation
|
page read and write
|
||
3710000
|
heap
|
page read and write
|
||
11B5000
|
heap
|
page read and write
|
||
9DD6000
|
heap
|
page read and write
|
||
D83000
|
heap
|
page read and write
|
||
A430000
|
direct allocation
|
page read and write
|
||
D34000
|
heap
|
page read and write
|
||
32EE000
|
heap
|
page read and write
|
||
32F4000
|
heap
|
page read and write
|
||
DE4000
|
heap
|
page read and write
|
||
A3F0000
|
direct allocation
|
page read and write
|
||
BE3000
|
stack
|
page read and write
|
||
6DA000
|
heap
|
page read and write
|
||
F80000
|
unkown
|
page write copy
|
||
3342000
|
heap
|
page read and write
|
||
3430000
|
direct allocation
|
page read and write
|
||
DB4000
|
heap
|
page read and write
|
||
33DE000
|
stack
|
page read and write
|
||
32E6000
|
heap
|
page read and write
|
||
3342000
|
heap
|
page read and write
|
||
D90000
|
heap
|
page read and write
|
||
D84000
|
heap
|
page read and write
|
||
6CD000
|
heap
|
page read and write
|
||
DA8000
|
heap
|
page read and write
|
||
DFC000
|
heap
|
page read and write
|
||
3311000
|
heap
|
page read and write
|
||
9C1A000
|
heap
|
page read and write
|
||
DAE000
|
heap
|
page read and write
|
||
2BA0000
|
heap
|
page read and write
|
||
3270000
|
direct allocation
|
page read and write
|
||
333E000
|
heap
|
page read and write
|
||
334D000
|
heap
|
page read and write
|
||
6D0000
|
heap
|
page read and write
|
||
3360000
|
heap
|
page read and write
|
||
32E3000
|
heap
|
page read and write
|
||
DE1000
|
heap
|
page read and write
|
||
11AE000
|
stack
|
page read and write
|
||
333A000
|
heap
|
page read and write
|
||
1391000
|
heap
|
page read and write
|
||
D64000
|
heap
|
page read and write
|
||
D9F000
|
heap
|
page read and write
|
||
A370000
|
direct allocation
|
page read and write
|
||
52B5000
|
heap
|
page read and write
|
||
DFE000
|
heap
|
page read and write
|
||
32E3000
|
heap
|
page read and write
|
||
DB4000
|
heap
|
page read and write
|
||
BEC000
|
stack
|
page read and write
|
||
F73000
|
unkown
|
page readonly
|
||
D4C000
|
heap
|
page read and write
|
||
D83000
|
heap
|
page read and write
|
||
E0D000
|
heap
|
page read and write
|
||
85E000
|
stack
|
page read and write
|
||
32E6000
|
heap
|
page read and write
|
||
9BA9000
|
heap
|
page read and write
|
||
D8A000
|
heap
|
page read and write
|
||
6CD000
|
heap
|
page read and write
|
||
32D8000
|
heap
|
page read and write
|
||
AF30000
|
heap
|
page read and write
|
||
2C80000
|
heap
|
page read and write
|
||
D84000
|
heap
|
page read and write
|
||
333F000
|
heap
|
page read and write
|
||
D3D000
|
heap
|
page read and write
|
||
32D2000
|
heap
|
page read and write
|
||
32E2000
|
heap
|
page read and write
|
||
66B5000
|
heap
|
page read and write
|
||
D20000
|
heap
|
page read and write
|
||
B2E000
|
stack
|
page read and write
|
||
F90000
|
unkown
|
page readonly
|
||
381F000
|
stack
|
page read and write
|
||
331D000
|
heap
|
page read and write
|
||
A170000
|
direct allocation
|
page read and write
|
||
D88000
|
heap
|
page read and write
|
||
1050000
|
heap
|
page read and write
|
||
D55000
|
heap
|
page read and write
|
||
3397000
|
heap
|
page read and write
|
||
32D6000
|
heap
|
page read and write
|
||
D83000
|
heap
|
page read and write
|
||
32DC000
|
heap
|
page read and write
|
||
32D5000
|
heap
|
page read and write
|
||
DB4000
|
heap
|
page read and write
|
||
DA0000
|
heap
|
page read and write
|
||
12D8000
|
heap
|
page read and write
|
||
DE6000
|
heap
|
page read and write
|
||
D4E000
|
heap
|
page read and write
|
||
D52000
|
heap
|
page read and write
|
||
6CD000
|
heap
|
page read and write
|
||
333A000
|
heap
|
page read and write
|
||
DF8000
|
heap
|
page read and write
|
||
D96000
|
heap
|
page read and write
|
||
32F4000
|
heap
|
page read and write
|
||
DB4000
|
heap
|
page read and write
|
||
331A000
|
heap
|
page read and write
|
||
2DDC000
|
stack
|
page read and write
|
||
6CD000
|
heap
|
page read and write
|
||
6CD000
|
heap
|
page read and write
|
||
9B30000
|
heap
|
page read and write
|
||
32EE000
|
heap
|
page read and write
|
||
DC8000
|
heap
|
page read and write
|
||
DB4000
|
heap
|
page read and write
|
||
DEC000
|
stack
|
page read and write
|
||
14CF000
|
stack
|
page read and write
|
||
DB5000
|
heap
|
page read and write
|
||
66A000
|
stack
|
page read and write
|
||
DAE000
|
heap
|
page read and write
|
||
D64000
|
heap
|
page read and write
|
||
12D0000
|
heap
|
page read and write
|
||
D84000
|
heap
|
page read and write
|
||
2F4D000
|
stack
|
page read and write
|
||
6CD000
|
heap
|
page read and write
|
||
D8C000
|
heap
|
page read and write
|
||
6CD000
|
heap
|
page read and write
|
||
333A000
|
heap
|
page read and write
|
||
F51000
|
unkown
|
page execute read
|
||
D90000
|
heap
|
page read and write
|
||
D55000
|
heap
|
page read and write
|
||
6B0000
|
heap
|
page read and write
|
||
32B1000
|
heap
|
page read and write
|
||
D96000
|
heap
|
page read and write
|
||
6B8000
|
heap
|
page read and write
|
||
DFB000
|
heap
|
page read and write
|
||
DDE000
|
heap
|
page read and write
|
||
D81000
|
heap
|
page read and write
|
||
D5C000
|
heap
|
page read and write
|
||
32E6000
|
heap
|
page read and write
|
||
D6A000
|
heap
|
page read and write
|
||
DB4000
|
heap
|
page read and write
|
||
DF4000
|
heap
|
page read and write
|
||
D8C000
|
heap
|
page read and write
|
||
32F7000
|
heap
|
page read and write
|
||
DB5000
|
heap
|
page read and write
|
||
6CD000
|
heap
|
page read and write
|
||
D64000
|
heap
|
page read and write
|
||
1342000
|
heap
|
page read and write
|
||
32EE000
|
heap
|
page read and write
|
||
DB5000
|
heap
|
page read and write
|
||
6CD000
|
heap
|
page read and write
|
||
6CD000
|
heap
|
page read and write
|
||
DB5000
|
heap
|
page read and write
|
||
F90000
|
unkown
|
page readonly
|
||
D7D000
|
heap
|
page read and write
|
||
D64000
|
heap
|
page read and write
|
||
CF0000
|
heap
|
page read and write
|
||
D90000
|
heap
|
page read and write
|
||
9B9E000
|
heap
|
page read and write
|
||
334B000
|
heap
|
page read and write
|
||
C60000
|
heap
|
page read and write
|
||
31B0000
|
direct allocation
|
page read and write
|
||
D4C000
|
heap
|
page read and write
|
||
48B5000
|
heap
|
page read and write
|
||
D64000
|
heap
|
page read and write
|
||
D8A000
|
heap
|
page read and write
|
||
DE4000
|
heap
|
page read and write
|
||
DE9000
|
heap
|
page read and write
|
||
32BA000
|
heap
|
page read and write
|
||
1396000
|
heap
|
page read and write
|
||
DA1000
|
heap
|
page read and write
|
||
D96000
|
heap
|
page read and write
|
||
12C0000
|
heap
|
page read and write
|
||
F8F000
|
unkown
|
page read and write
|
||
F51000
|
unkown
|
page execute read
|
||
1347000
|
heap
|
page read and write
|
||
3350000
|
heap
|
page read and write
|
||
71AA000
|
heap
|
page read and write
|
||
DE9000
|
heap
|
page read and write
|
||
6C9000
|
heap
|
page read and write
|
||
D5A000
|
heap
|
page read and write
|
||
3030000
|
direct allocation
|
page read and write
|
||
133E000
|
heap
|
page read and write
|
||
D64000
|
heap
|
page read and write
|
||
3328000
|
heap
|
page read and write
|
||
DAE000
|
heap
|
page read and write
|
||
D88000
|
heap
|
page read and write
|
||
32EE000
|
heap
|
page read and write
|
||
6CD000
|
heap
|
page read and write
|
||
32B1000
|
heap
|
page read and write
|
||
D96000
|
heap
|
page read and write
|
||
DA5000
|
heap
|
page read and write
|
||
458000
|
remote allocation
|
page execute and read and write
|
||
32DD000
|
heap
|
page read and write
|
||
A530000
|
heap
|
page read and write
|
||
DEE000
|
heap
|
page read and write
|
||
6C9000
|
heap
|
page read and write
|
||
9CFC000
|
heap
|
page read and write
|
||
DF4000
|
heap
|
page read and write
|
||
DD7000
|
heap
|
page read and write
|
||
D96000
|
heap
|
page read and write
|
||
32DD000
|
heap
|
page read and write
|
||
334C000
|
heap
|
page read and write
|
||
32CD000
|
heap
|
page read and write
|
||
32B4000
|
heap
|
page read and write
|
||
C40000
|
heap
|
page read and write
|
||
A230000
|
direct allocation
|
page read and write
|
||
32E3000
|
heap
|
page read and write
|
||
D18000
|
heap
|
page read and write
|
||
F51000
|
unkown
|
page execute read
|
||
3342000
|
heap
|
page read and write
|
||
DC2000
|
heap
|
page read and write
|
||
D55000
|
heap
|
page read and write
|
||
D9F000
|
heap
|
page read and write
|
||
DAE000
|
heap
|
page read and write
|
||
32BA000
|
heap
|
page read and write
|
||
6D9000
|
heap
|
page read and write
|
||
D88000
|
heap
|
page read and write
|
||
F80000
|
unkown
|
page read and write
|
||
32D2000
|
heap
|
page read and write
|
||
DE5000
|
heap
|
page read and write
|
||
DFE000
|
heap
|
page read and write
|
||
DF8000
|
heap
|
page read and write
|
||
9B31000
|
heap
|
page read and write
|
||
9D84000
|
heap
|
page read and write
|
||
A2F0000
|
direct allocation
|
page read and write
|
||
D55000
|
heap
|
page read and write
|
||
DA1000
|
heap
|
page read and write
|
||
3400000
|
heap
|
page read and write
|
||
DFB000
|
heap
|
page read and write
|
||
2B60000
|
direct allocation
|
page read and write
|
||
3344000
|
heap
|
page read and write
|
||
D55000
|
heap
|
page read and write
|
||
CAD000
|
stack
|
page read and write
|
||
32B1000
|
heap
|
page read and write
|
||
1312000
|
heap
|
page read and write
|
||
9C19000
|
heap
|
page read and write
|
||
F50000
|
unkown
|
page readonly
|
||
DA5000
|
heap
|
page read and write
|
||
DFE000
|
heap
|
page read and write
|
||
D73000
|
heap
|
page read and write
|
||
D5A000
|
heap
|
page read and write
|
||
3328000
|
heap
|
page read and write
|
||
36EE000
|
stack
|
page read and write
|
||
3343000
|
heap
|
page read and write
|
||
F73000
|
unkown
|
page readonly
|
||
D83000
|
heap
|
page read and write
|
||
368F000
|
stack
|
page read and write
|
||
DDC000
|
heap
|
page read and write
|
||
D8A000
|
heap
|
page read and write
|
||
32EB000
|
heap
|
page read and write
|
||
DA1000
|
heap
|
page read and write
|
||
6CD000
|
heap
|
page read and write
|
||
33B0000
|
direct allocation
|
page read and write
|
||
D98000
|
heap
|
page read and write
|
||
F83000
|
unkown
|
page read and write
|
||
D1F000
|
stack
|
page read and write
|
||
DAE000
|
heap
|
page read and write
|
||
DDC000
|
heap
|
page read and write
|
||
D78000
|
heap
|
page read and write
|
||
3360000
|
heap
|
page read and write
|
||
DB4000
|
heap
|
page read and write
|
||
1321000
|
heap
|
page read and write
|
||
CEB000
|
stack
|
page read and write
|
||
A130000
|
direct allocation
|
page read and write
|
||
DF4000
|
heap
|
page read and write
|
||
D70000
|
heap
|
page read and write
|
||
860000
|
heap
|
page read and write
|
||
DFB000
|
heap
|
page read and write
|
||
67AA000
|
heap
|
page read and write
|
||
DA7000
|
heap
|
page read and write
|
||
6DA000
|
heap
|
page read and write
|
||
3360000
|
heap
|
page read and write
|
||
132E000
|
heap
|
page read and write
|
||
31F0000
|
direct allocation
|
page read and write
|
||
32D0000
|
heap
|
page read and write
|
||
32BC000
|
heap
|
page read and write
|
||
5CB5000
|
heap
|
page read and write
|
||
9C0E000
|
heap
|
page read and write
|
||
CED000
|
stack
|
page read and write
|
||
6D1000
|
heap
|
page read and write
|
||
D4D000
|
heap
|
page read and write
|
||
DC7000
|
heap
|
page read and write
|
||
A1B0000
|
direct allocation
|
page read and write
|
||
400000
|
remote allocation
|
page execute and read and write
|
||
D96000
|
heap
|
page read and write
|
||
12FE000
|
heap
|
page read and write
|
||
81E000
|
stack
|
page read and write
|
||
D9F000
|
heap
|
page read and write
|
||
3360000
|
heap
|
page read and write
|
||
D5C000
|
heap
|
page read and write
|
||
DDC000
|
heap
|
page read and write
|
||
DDC000
|
heap
|
page read and write
|
||
333A000
|
heap
|
page read and write
|
||
47C000
|
stack
|
page read and write
|
||
D70000
|
heap
|
page read and write
|
||
D9F000
|
heap
|
page read and write
|
||
116E000
|
stack
|
page read and write
|
||
DAE000
|
heap
|
page read and write
|
||
32D6000
|
heap
|
page read and write
|
||
B757000
|
heap
|
page read and write
|
||
E0D000
|
heap
|
page read and write
|
||
3350000
|
heap
|
page read and write
|
||
3230000
|
direct allocation
|
page read and write
|
||
6CD000
|
heap
|
page read and write
|
||
D4D000
|
heap
|
page read and write
|
||
6DA000
|
heap
|
page read and write
|
||
F80000
|
unkown
|
page write copy
|
||
334C000
|
heap
|
page read and write
|
||
D82000
|
heap
|
page read and write
|
||
32F0000
|
heap
|
page read and write
|
||
F80000
|
unkown
|
page read and write
|
||
9CFC000
|
heap
|
page read and write
|
||
32DC000
|
heap
|
page read and write
|
||
DFE000
|
heap
|
page read and write
|
||
6CD000
|
heap
|
page read and write
|
||
DDD000
|
heap
|
page read and write
|
||
333A000
|
heap
|
page read and write
|
||
F73000
|
unkown
|
page readonly
|
||
2E40000
|
heap
|
page read and write
|
||
3360000
|
heap
|
page read and write
|
||
D83000
|
heap
|
page read and write
|
||
F50000
|
unkown
|
page readonly
|
||
6CD000
|
heap
|
page read and write
|
||
D8B000
|
heap
|
page read and write
|
||
DB5000
|
heap
|
page read and write
|
||
34B5000
|
heap
|
page read and write
|
||
D58000
|
heap
|
page read and write
|
||
334A000
|
heap
|
page read and write
|
||
26B0000
|
heap
|
page read and write
|
||
137E000
|
stack
|
page read and write
|
||
D83000
|
heap
|
page read and write
|
||
D57000
|
heap
|
page read and write
|
||
9C8B000
|
heap
|
page read and write
|
||
3360000
|
heap
|
page read and write
|
||
D49000
|
heap
|
page read and write
|
||
DB5000
|
heap
|
page read and write
|
||
32CF000
|
heap
|
page read and write
|
||
3470000
|
direct allocation
|
page read and write
|
||
32B1000
|
heap
|
page read and write
|
||
DC3000
|
heap
|
page read and write
|
||
11B0000
|
heap
|
page read and write
|
||
6CD000
|
heap
|
page read and write
|
||
D55000
|
heap
|
page read and write
|
||
D56000
|
heap
|
page read and write
|
||
D7C000
|
heap
|
page read and write
|
||
D83000
|
heap
|
page read and write
|
||
32DE000
|
stack
|
page read and write
|
||
3360000
|
heap
|
page read and write
|
||
D64000
|
heap
|
page read and write
|
||
DAE000
|
heap
|
page read and write
|
||
D5A000
|
heap
|
page read and write
|
||
32E9000
|
heap
|
page read and write
|
||
D58000
|
heap
|
page read and write
|
||
358E000
|
stack
|
page read and write
|
||
32B1000
|
heap
|
page read and write
|
||
F8F000
|
unkown
|
page read and write
|
||
D7C000
|
heap
|
page read and write
|
||
9CFC000
|
heap
|
page read and write
|
||
DAE000
|
heap
|
page read and write
|
||
32D4000
|
heap
|
page read and write
|
||
2B20000
|
direct allocation
|
page read and write
|
||
9D31000
|
heap
|
page read and write
|
||
3360000
|
heap
|
page read and write
|
||
F50000
|
unkown
|
page readonly
|
||
F00000
|
direct allocation
|
page read and write
|
||
D86000
|
heap
|
page read and write
|
||
32CD000
|
heap
|
page read and write
|
||
DA6000
|
heap
|
page read and write
|
||
DEC000
|
heap
|
page read and write
|
||
6D6000
|
heap
|
page read and write
|
||
333A000
|
heap
|
page read and write
|
||
DA6000
|
heap
|
page read and write
|
||
D95000
|
heap
|
page read and write
|
||
6CD000
|
heap
|
page read and write
|
||
DB4000
|
heap
|
page read and write
|
||
32B1000
|
heap
|
page read and write
|
||
DF8000
|
heap
|
page read and write
|
||
DFC000
|
heap
|
page read and write
|
||
32E7000
|
heap
|
page read and write
|
||
32E3000
|
heap
|
page read and write
|
||
6CD000
|
heap
|
page read and write
|
||
DF4000
|
heap
|
page read and write
|
||
6CD000
|
heap
|
page read and write
|
||
12ED000
|
heap
|
page read and write
|
||
D83000
|
heap
|
page read and write
|
||
DE9000
|
heap
|
page read and write
|
||
A2B0000
|
direct allocation
|
page read and write
|
||
32E3000
|
heap
|
page read and write
|
||
D56000
|
heap
|
page read and write
|
||
13A8000
|
heap
|
page read and write
|
||
2E1D000
|
stack
|
page read and write
|
||
D98000
|
heap
|
page read and write
|
||
DF4000
|
heap
|
page read and write
|
||
32D3000
|
heap
|
page read and write
|
||
D78000
|
heap
|
page read and write
|
||
DB4000
|
heap
|
page read and write
|
||
7FC000
|
stack
|
page read and write
|
||
6DA000
|
heap
|
page read and write
|
||
7D0000
|
heap
|
page read and write
|
||
F90000
|
unkown
|
page readonly
|
||
D9F000
|
heap
|
page read and write
|
||
D88000
|
heap
|
page read and write
|
||
6CD000
|
heap
|
page read and write
|
||
32EE000
|
heap
|
page read and write
|
||
334D000
|
heap
|
page read and write
|
||
D5A000
|
heap
|
page read and write
|
||
3348000
|
heap
|
page read and write
|
||
F73000
|
unkown
|
page readonly
|
||
9B31000
|
heap
|
page read and write
|
||
D54000
|
heap
|
page read and write
|
||
6CD000
|
heap
|
page read and write
|
||
DDC000
|
heap
|
page read and write
|
||
352E000
|
stack
|
page read and write
|
||
DF8000
|
heap
|
page read and write
|
||
6D0000
|
heap
|
page read and write
|
||
D64000
|
heap
|
page read and write
|
||
DE8000
|
heap
|
page read and write
|
||
DA5000
|
heap
|
page read and write
|
||
F50000
|
unkown
|
page readonly
|
||
32B0000
|
heap
|
page read and write
|
||
DF8000
|
heap
|
page read and write
|
||
D10000
|
heap
|
page read and write
|
||
118E000
|
stack
|
page read and write
|
||
DDC000
|
heap
|
page read and write
|
||
D33000
|
heap
|
page read and write
|
||
3070000
|
direct allocation
|
page read and write
|
||
DE7000
|
heap
|
page read and write
|
||
A1F0000
|
direct allocation
|
page read and write
|
||
1334000
|
heap
|
page read and write
|
||
E0D000
|
heap
|
page read and write
|
||
32E3000
|
heap
|
page read and write
|
||
D64000
|
heap
|
page read and write
|
||
663000
|
stack
|
page read and write
|
||
7BAA000
|
heap
|
page read and write
|
||
9C8B000
|
heap
|
page read and write
|
||
3348000
|
heap
|
page read and write
|
||
D98000
|
heap
|
page read and write
|
||
DBC000
|
heap
|
page read and write
|
||
DAE000
|
heap
|
page read and write
|
||
DDC000
|
heap
|
page read and write
|
||
D54000
|
heap
|
page read and write
|
There are 452 hidden memdumps, click here to show them.