Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
bind.aspx.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\GCAEHDBAAECB\BKKFHI
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie
0x21, schema 4, UTF-8, version-valid-for 3
|
dropped
|
||
|
C:\ProgramData\GCAEHDBAAECB\CBFBKF
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8,
version-valid-for 5
|
dropped
|
||
|
C:\ProgramData\GCAEHDBAAECB\CGHCGI
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie
0xe, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\GCAEHDBAAECB\DGDBAK
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\GCAEHDBAAECB\FBFIJJ
|
ASCII text, with very long lines (1769), with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\GCAEHDBAAECB\FCAAAA
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\ProgramData\GCAEHDBAAECB\FIDAFC
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie
0x36, schema 4, UTF-8, version-valid-for 7
|
dropped
|
||
|
C:\ProgramData\GCAEHDBAAECB\GCAEHD
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4,
UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\GCAEHDBAAECB\GHCGDA
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4,
UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\GCAEHDBAAECB\freebl3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\GCAEHDBAAECB\mozglue.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\GCAEHDBAAECB\msvcp140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\GCAEHDBAAECB\nss3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\GCAEHDBAAECB\softokn3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\GCAEHDBAAECB\vcruntime140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\76561199761128941[1].htm
|
HTML document, Unicode text, UTF-8 text, with very long lines (3070), with CRLF, LF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\delays.tmp
|
ISO-8859 text, with very long lines (65536), with no line terminators
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\bind.aspx.exe
|
"C:\Users\user\Desktop\bind.aspx.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\GCAEHDBAAECB" & exit
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\timeout.exe
|
timeout /t 10
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://steamcommunity.com/profiles/76561199761128941
|
104.102.49.254
|
|
|
|
http://stadiatechnologies.com/
|
95.164.119.162
|
|
|
|
https://135.181.31.18/
|
135.181.31.18
|
|
|
|
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
|
unknown
|
||
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://player.vimeo.com
|
unknown
|
||
|
https://t.me/iyigunl
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
https://135.181.31.18/S
|
unknown
|
||
|
https://steamcommunity.com/?subsection=broadcasts
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=B0lGn8MokmdT&l=e
|
unknown
|
||
|
https://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://www.gstatic.cn/recaptcha/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
|
unknown
|
||
|
http://www.valvesoftware.com/legal.htm
|
unknown
|
||
|
https://www.youtube.com
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
|
unknown
|
||
|
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
|
unknown
|
||
|
https://s.ytimg.com;
|
unknown
|
||
|
http://stadiatechnologies.comntent-Disposition:
|
unknown
|
||
|
https://steam.tv/
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199761128941/badges
|
unknown
|
||
|
http://www.mozilla.com/en-US/blocklist/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
|
unknown
|
||
|
https://mozilla.org0/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=WnGP
|
unknown
|
||
|
https://135.181.31.18/0n9:6
|
unknown
|
||
|
http://stadiatechnologies.com
|
unknown
|
||
|
https://store.steampowered.com/pri
|
unknown
|
||
|
http://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://135.181.31.18/Tn%:2
|
unknown
|
||
|
http://stadiatechnologies.com/(
|
unknown
|
||
|
https://store.steampowered.com/points/shop/
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
https://135.181.31.18T
|
unknown
|
||
|
https://sketchfab.com
|
unknown
|
||
|
https://steamcommunity.com/login/home/?goto=profiles%2F76561199761128941
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
https://lv.queniujq.cn
|
unknown
|
||
|
https://www.youtube.com/
|
unknown
|
||
|
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
|
unknown
|
||
|
https://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
|
unknown
|
||
|
https://135.181.31.18/sqlr.dll
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199761128941m
|
unknown
|
||
|
https://135.181.31.18/h
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199761128941b
|
unknown
|
||
|
https://www.google.com/recaptcha/
|
unknown
|
||
|
https://135.181.31.18/;n
|
unknown
|
||
|
https://checkout.steampowered.com/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
|
unknown
|
||
|
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
|
unknown
|
||
|
https://135.181.31.18/x
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
|
unknown
|
||
|
https://store.steampowered.com/;
|
unknown
|
||
|
https://store.steampowered.com/about/
|
unknown
|
||
|
https://steamcommunity.com/my/wishlist/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
|
unknown
|
||
|
https://help.steampowered.com/en/
|
unknown
|
||
|
https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
|
unknown
|
||
|
https://steamcommunity.com/market/
|
unknown
|
||
|
https://store.steampowered.com/news/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
http://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199761128941/inventory/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
|
unknown
|
||
|
https://recaptcha.net/recaptcha/;
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
|
unknown
|
||
|
https://steamcommunity.com/discussions/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=nSnUuYf7g6U1&a
|
unknown
|
||
|
https://store.steampowered.com/stats/
|
unknown
|
||
|
https://medal.tv
|
unknown
|
||
|
https://broadcast.st.dl.eccdnx.com
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
|
unknown
|
||
|
https://store.steampowered.com/steam_refunds/
|
unknown
|
||
|
https://t.me/iyigunlhellosqlr.dllsqlite3.dllIn
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
https://steamcommunity.com/workshop/
|
unknown
|
||
|
https://login.steampowered.com/
|
unknown
|
||
|
https://store.steampowered.com/legal/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
|
unknown
|
||
|
http://www.sqlite.org/copyright.html.
|
unknown
|
||
|
https://135.181.31.18/_n
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
|
unknown
|
||
|
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
|
unknown
|
||
|
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
|
unknown
|
||
|
https://135.181.31.18/-n
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
steamcommunity.com
|
104.102.49.254
|
|
|
|
stadiatechnologies.com
|
95.164.119.162
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
95.164.119.162
|
stadiatechnologies.com
|
Gibraltar
|
|
|
|
104.102.49.254
|
steamcommunity.com
|
United States
|
|
|
|
135.181.31.18
|
unknown
|
Germany
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{40DD6E20-7C17-11CE-A804-00AA003CA9F6} {000214EF-0000-0000-C000-000000000046} 0xFFFF
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
35E000
|
unkown
|
page readonly
|
|
|
|
35E000
|
unkown
|
page readonly
|
|
|
|
303C000
|
stack
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
96C000
|
unkown
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
24E7D000
|
heap
|
page read and write
|
||
|
340000
|
unkown
|
page readonly
|
||
|
24E92000
|
heap
|
page read and write
|
||
|
366000
|
unkown
|
page write copy
|
||
|
24E2D000
|
heap
|
page read and write
|
||
|
963000
|
unkown
|
page read and write
|
||
|
24EA5000
|
heap
|
page read and write
|
||
|
61E00000
|
direct allocation
|
page execute and read and write
|
||
|
61EB4000
|
direct allocation
|
page read and write
|
||
|
24E9D000
|
heap
|
page read and write
|
||
|
24EB1000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
3328000
|
stack
|
page read and write
|
||
|
A79000
|
unkown
|
page readonly
|
||
|
36F8000
|
heap
|
page read and write
|
||
|
DC000
|
stack
|
page read and write
|
||
|
24EB3000
|
heap
|
page read and write
|
||
|
35C9000
|
heap
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
24E9C000
|
heap
|
page read and write
|
||
|
357E000
|
heap
|
page read and write
|
||
|
24E92000
|
heap
|
page read and write
|
||
|
27CF0000
|
heap
|
page read and write
|
||
|
357A000
|
heap
|
page read and write
|
||
|
A43000
|
unkown
|
page read and write
|
||
|
333C000
|
stack
|
page read and write
|
||
|
24E92000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
BAD7000
|
heap
|
page read and write
|
||
|
24E92000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
24EB0000
|
heap
|
page read and write
|
||
|
24EB3000
|
heap
|
page read and write
|
||
|
24E78000
|
heap
|
page read and write
|
||
|
BBE000
|
stack
|
page read and write
|
||
|
375B000
|
heap
|
page read and write
|
||
|
86C000
|
unkown
|
page read and write
|
||
|
24E92000
|
heap
|
page read and write
|
||
|
24E8F000
|
heap
|
page read and write
|
||
|
24E99000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
24EAA000
|
heap
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
24E86000
|
heap
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
3581000
|
heap
|
page read and write
|
||
|
24EA5000
|
heap
|
page read and write
|
||
|
24E92000
|
heap
|
page read and write
|
||
|
A77000
|
unkown
|
page read and write
|
||
|
27E6C000
|
unkown
|
page read and write
|
||
|
350A000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
3698000
|
heap
|
page read and write
|
||
|
24E85000
|
heap
|
page read and write
|
||
|
2CD000
|
stack
|
page read and write
|
||
|
341000
|
unkown
|
page execute read
|
||
|
3795000
|
heap
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
202F0000
|
remote allocation
|
page read and write
|
||
|
365C000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
24E02000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
350E000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
274D0000
|
trusted library allocation
|
page read and write
|
||
|
24E92000
|
heap
|
page read and write
|
||
|
36B8000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
2A74A000
|
heap
|
page read and write
|
||
|
24E78000
|
heap
|
page read and write
|
||
|
61E01000
|
direct allocation
|
page execute read
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
357B000
|
heap
|
page read and write
|
||
|
3553000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
24E6D000
|
heap
|
page read and write
|
||
|
24E78000
|
heap
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
24E9D000
|
heap
|
page read and write
|
||
|
24EA5000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
24E1D000
|
heap
|
page read and write
|
||
|
3611000
|
heap
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
61ECD000
|
direct allocation
|
page readonly
|
||
|
24E92000
|
heap
|
page read and write
|
||
|
192CF000
|
stack
|
page read and write
|
||
|
2286F000
|
stack
|
page read and write
|
||
|
24E85000
|
heap
|
page read and write
|
||
|
341000
|
unkown
|
page execute read
|
||
|
3581000
|
heap
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
36EE000
|
heap
|
page read and write
|
||
|
24E92000
|
heap
|
page read and write
|
||
|
24E9C000
|
heap
|
page read and write
|
||
|
61ECC000
|
direct allocation
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
24EAC000
|
heap
|
page read and write
|
||
|
24E95000
|
heap
|
page read and write
|
||
|
24F00000
|
heap
|
page read and write
|
||
|
3581000
|
heap
|
page read and write
|
||
|
332C000
|
stack
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
2C92C000
|
stack
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
340000
|
unkown
|
page readonly
|
||
|
24EA5000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
70440000
|
unkown
|
page readonly
|
||
|
31AE000
|
stack
|
page read and write
|
||
|
26E000
|
stack
|
page read and write
|
||
|
24EB0000
|
heap
|
page read and write
|
||
|
24E92000
|
heap
|
page read and write
|
||
|
220000
|
heap
|
page read and write
|
||
|
363C000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
24E88000
|
heap
|
page read and write
|
||
|
24E99000
|
heap
|
page read and write
|
||
|
24EB3000
|
heap
|
page read and write
|
||
|
24E88000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
35EB000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
202F0000
|
remote allocation
|
page read and write
|
||
|
4E20000
|
heap
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
61ED3000
|
direct allocation
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
366000
|
unkown
|
page write copy
|
||
|
3608000
|
heap
|
page read and write
|
||
|
140000
|
heap
|
page read and write
|
||
|
3331000
|
stack
|
page read and write
|
||
|
3581000
|
heap
|
page read and write
|
||
|
BFD000
|
stack
|
page read and write
|
||
|
BB2A000
|
heap
|
page read and write
|
||
|
7045F000
|
unkown
|
page readonly
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
B4E000
|
stack
|
page read and write
|
||
|
24E78000
|
heap
|
page read and write
|
||
|
866000
|
unkown
|
page read and write
|
||
|
357B000
|
heap
|
page read and write
|
||
|
ACE000
|
stack
|
page read and write
|
||
|
1DD8B000
|
stack
|
page read and write
|
||
|
24F5B000
|
stack
|
page read and write
|
||
|
61EB7000
|
direct allocation
|
page readonly
|
||
|
24E92000
|
heap
|
page read and write
|
||
|
3581000
|
heap
|
page read and write
|
||
|
24E00000
|
heap
|
page read and write
|
||
|
24EB3000
|
heap
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
327F000
|
stack
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
24E8A000
|
heap
|
page read and write
|
||
|
24E99000
|
heap
|
page read and write
|
||
|
70456000
|
unkown
|
page readonly
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
1B80F000
|
stack
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
24E0C000
|
heap
|
page read and write
|
||
|
363E000
|
heap
|
page read and write
|
||
|
24E95000
|
heap
|
page read and write
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
24E92000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
357A000
|
heap
|
page read and write
|
||
|
24EB3000
|
heap
|
page read and write
|
||
|
1484F000
|
stack
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
2A3EB000
|
stack
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
24E88000
|
heap
|
page read and write
|
||
|
24EB2000
|
heap
|
page read and write
|
||
|
24E92000
|
heap
|
page read and write
|
||
|
322E000
|
stack
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
24EA5000
|
heap
|
page read and write
|
||
|
27B40000
|
trusted library allocation
|
page read and write
|
||
|
24E78000
|
heap
|
page read and write
|
||
|
24DFD000
|
stack
|
page read and write
|
||
|
BAF0000
|
heap
|
page read and write
|
||
|
1DD4C000
|
stack
|
page read and write
|
||
|
61ED0000
|
direct allocation
|
page read and write
|
||
|
24E92000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
366000
|
unkown
|
page write copy
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
280000
|
heap
|
page read and write
|
||
|
31EE000
|
stack
|
page read and write
|
||
|
3570000
|
heap
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
24E85000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
3525000
|
heap
|
page read and write
|
||
|
357D000
|
heap
|
page read and write
|
||
|
24E78000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
3642000
|
heap
|
page read and write
|
||
|
274D0000
|
trusted library allocation
|
page read and write
|
||
|
3581000
|
heap
|
page read and write
|
||
|
70441000
|
unkown
|
page execute read
|
||
|
24E92000
|
heap
|
page read and write
|
||
|
363E000
|
heap
|
page read and write
|
||
|
24EA5000
|
heap
|
page read and write
|
||
|
BAD0000
|
heap
|
page read and write
|
||
|
24EAD000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
202F0000
|
remote allocation
|
page read and write
|
||
|
61ED4000
|
direct allocation
|
page readonly
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
24E92000
|
heap
|
page read and write
|
||
|
9AA000
|
unkown
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
3500000
|
heap
|
page read and write
|
||
|
24EA5000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
24EB3000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
33A8000
|
heap
|
page read and write
|
||
|
24E78000
|
heap
|
page read and write
|
||
|
24E83000
|
heap
|
page read and write
|
||
|
3678000
|
heap
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
24E9D000
|
heap
|
page read and write
|
||
|
24EB3000
|
heap
|
page read and write
|
||
|
98B000
|
unkown
|
page read and write
|
||
|
24E77000
|
heap
|
page read and write
|
||
|
24EB0000
|
heap
|
page read and write
|
||
|
BBD0000
|
unclassified section
|
page read and write
|
||
|
357B000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
36D8000
|
heap
|
page read and write
|
||
|
2032E000
|
stack
|
page read and write
|
||
|
36F3000
|
heap
|
page read and write
|
||
|
24E8F000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
24E92000
|
heap
|
page read and write
|
||
|
24EA5000
|
heap
|
page read and write
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
24E91000
|
heap
|
page read and write
|
||
|
24EB3000
|
heap
|
page read and write
|
||
|
BAE0000
|
heap
|
page read and write
|
||
|
24E88000
|
heap
|
page read and write
|
||
|
228BD000
|
stack
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
27620000
|
heap
|
page read and write
|
||
|
24EB3000
|
heap
|
page read and write
|
||
|
2D0000
|
trusted library allocation
|
page read and write
|
||
|
24E7A000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
24E83000
|
heap
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
16D8F000
|
stack
|
page read and write
|
||
|
870000
|
unkown
|
page read and write
|
||
|
A4BE000
|
stack
|
page read and write
|
||
|
24E92000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
24E92000
|
heap
|
page read and write
|
||
|
202CC000
|
stack
|
page read and write
|
||
|
24E92000
|
heap
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
24E77000
|
heap
|
page read and write
|
||
|
357C000
|
heap
|
page read and write
|
||
|
24E9C000
|
heap
|
page read and write
|
||
|
35BF000
|
heap
|
page read and write
|
||
|
A79000
|
unkown
|
page readonly
|
||
|
27CFB000
|
heap
|
page read and write
|
||
|
7045D000
|
unkown
|
page read and write
|
||
|
2749A000
|
stack
|
page read and write
|
||
|
357E000
|
heap
|
page read and write
|
||
|
332A000
|
stack
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
2DEC000
|
stack
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
24EA5000
|
heap
|
page read and write
|
||
|
2751D000
|
heap
|
page read and write
|
||
|
24E7C000
|
heap
|
page read and write
|
||
|
B76000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
24E92000
|
heap
|
page read and write
|
||
|
2A3AD000
|
stack
|
page read and write
|
||
|
3611000
|
heap
|
page read and write
|
||
|
24E92000
|
heap
|
page read and write
|
||
|
24EA5000
|
heap
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
966000
|
unkown
|
page read and write
|
||
|
7F7E000
|
stack
|
page read and write
|
||
|
35BF000
|
heap
|
page read and write
|
||
|
24EA5000
|
heap
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
874000
|
unkown
|
page read and write
|
||
|
BAD1000
|
heap
|
page read and write
|
||
|
24E78000
|
heap
|
page read and write
|
||
|
3642000
|
heap
|
page read and write
|
There are 313 hidden memdumps, click here to show them.