Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_2f26e4b65edfc9809a16d7533fcfcfa7c28d99cc_852b229c_fe2aa7a8-98e8-4272-9ba7-cbf6fb477596\Report.wer
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_86d780998731d44cc37040f9271b2fbde5bee817_852b229c_047af564-82b0-4d48-8007-68b1817e9eb0\Report.wer
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1AD9.tmp.dmp
|
Mini DuMP crash report, 15 streams, Sun Oct 13 19:40:09 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1D2C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1D4C.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6BA8.tmp.dmp
|
Mini DuMP crash report, 15 streams, CheckSum 0x00000004, Sun Oct 13 19:40:29 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6C84.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6CE3.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 1924
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 1060
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bathdoomgaz.store
|
|
||
|
studennotediw.store
|
|
||
|
clearancek.site
|
|
||
|
dissapoiznw.store
|
|
||
|
https://steamcommunity.com/profiles/76561199724331900
|
104.102.49.254
|
|
|
|
spirittunek.store
|
|
||
|
licendfilteo.site
|
|
||
|
eaglepawnoy.store
|
|
||
|
https://steamcommunity.com/profiles/76561199724331900/inventory/
|
unknown
|
|
|
|
mobbipenju.store
|
|
||
|
https://sergei-esenin.com/api
|
104.21.53.8
|
|
|
|
https://steamcommunity.com/profiles/76561199724331900/badges
|
unknown
|
|
|
|
https://steamcommunity.com/my/wishlist/
|
unknown
|
||
|
https://www.cloudflare.com/learning/access-management/phishing-attack/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&
|
unknown
|
||
|
https://steamcommunity.com/?subsection=broadcasts
|
unknown
|
||
|
https://help.steampowered.com/en/
|
unknown
|
||
|
https://steamcommunity.com/market/
|
unknown
|
||
|
https://store.steampowered.com/news/
|
unknown
|
||
|
https://sergei-esenin.com/
|
unknown
|
||
|
https://www.cloudflare.com/learning/access-m
|
unknown
|
||
|
https://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
http://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
|
unknown
|
||
|
http://www.valvesoftware.com/legal.htm
|
unknown
|
||
|
https://steamcommunity.com/discussions/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
|
unknown
|
||
|
https://sergei-esenin.com/2
|
unknown
|
||
|
https://store.steampowered.com/stats/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
|
unknown
|
||
|
https://sergei-esenin.com:443/apis
|
unknown
|
||
|
https://store.steampowered.com/steam_refunds/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
|
unknown
|
||
|
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
|
unknown
|
||
|
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi
|
unknown
|
||
|
https://steamcommunity.com/workshop/
|
unknown
|
||
|
https://store.steampowered.com/legal/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
|
unknown
|
||
|
http://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://steamcommunity.com/Z~
|
unknown
|
||
|
https://store.steampowered.com/points/shop/
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://store.steampowered.com/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
|
unknown
|
||
|
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
|
unknown
|
||
|
https://sergei-esenin.com/s
|
unknown
|
||
|
https://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://www.cloudflare.com/5xx-error-landing
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
|
unknown
|
||
|
http://store.steampowered.com/account/cookiepreferences/
|
unknown
|
||
|
https://store.steampowered.com/mobile
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
|
unknown
|
||
|
https://steamcommunity.com/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
|
unknown
|
||
|
https://store.steampowered.com/about/
|
unknown
|
There are 69 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
steamcommunity.com
|
104.102.49.254
|
|
|
|
sergei-esenin.com
|
104.21.53.8
|
|
|
|
eaglepawnoy.store
|
unknown
|
|
|
|
bathdoomgaz.store
|
unknown
|
|
|
|
spirittunek.store
|
unknown
|
|
|
|
licendfilteo.site
|
unknown
|
|
|
|
studennotediw.store
|
unknown
|
|
|
|
mobbipenju.store
|
unknown
|
|
|
|
clearancek.site
|
unknown
|
|
|
|
dissapoiznw.store
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.53.8
|
sergei-esenin.com
|
United States
|
|
|
|
104.102.49.254
|
steamcommunity.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{61af9dc7-c2a2-1505-73b7-76b382762aab}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
ProgramId
|
|
|
|
\REGISTRY\A\{61af9dc7-c2a2-1505-73b7-76b382762aab}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
FileId
|
|
|
|
\REGISTRY\A\{61af9dc7-c2a2-1505-73b7-76b382762aab}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
LowerCaseLongPath
|
|
|
|
\REGISTRY\A\{61af9dc7-c2a2-1505-73b7-76b382762aab}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
LongPathHash
|
|
|
|
\REGISTRY\A\{61af9dc7-c2a2-1505-73b7-76b382762aab}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Name
|
|
|
|
\REGISTRY\A\{61af9dc7-c2a2-1505-73b7-76b382762aab}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
OriginalFileName
|
|
|
|
\REGISTRY\A\{61af9dc7-c2a2-1505-73b7-76b382762aab}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Publisher
|
|
|
|
\REGISTRY\A\{61af9dc7-c2a2-1505-73b7-76b382762aab}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Version
|
|
|
|
\REGISTRY\A\{61af9dc7-c2a2-1505-73b7-76b382762aab}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
BinFileVersion
|
|
|
|
\REGISTRY\A\{61af9dc7-c2a2-1505-73b7-76b382762aab}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
BinaryType
|
|
|
|
\REGISTRY\A\{61af9dc7-c2a2-1505-73b7-76b382762aab}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
ProductName
|
|
|
|
\REGISTRY\A\{61af9dc7-c2a2-1505-73b7-76b382762aab}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
ProductVersion
|
|
|
|
\REGISTRY\A\{61af9dc7-c2a2-1505-73b7-76b382762aab}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
LinkDate
|
|
|
|
\REGISTRY\A\{61af9dc7-c2a2-1505-73b7-76b382762aab}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
BinProductVersion
|
|
|
|
\REGISTRY\A\{61af9dc7-c2a2-1505-73b7-76b382762aab}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
AppxPackageFullName
|
|
|
|
\REGISTRY\A\{61af9dc7-c2a2-1505-73b7-76b382762aab}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
AppxPackageRelativeId
|
|
|
|
\REGISTRY\A\{61af9dc7-c2a2-1505-73b7-76b382762aab}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Size
|
|
|
|
\REGISTRY\A\{61af9dc7-c2a2-1505-73b7-76b382762aab}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Language
|
|
|
|
\REGISTRY\A\{61af9dc7-c2a2-1505-73b7-76b382762aab}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Usn
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C00FAD0B2C62
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
There are 13 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
191000
|
unkown
|
page execute and read and write
|
|
|
|
3F5000
|
unkown
|
page execute and write copy
|
||
|
36D000
|
unkown
|
page execute and read and write
|
||
|
357E000
|
stack
|
page read and write
|
||
|
B4E000
|
heap
|
page read and write
|
||
|
4A2F000
|
stack
|
page read and write
|
||
|
3AA000
|
unkown
|
page execute and read and write
|
||
|
B85000
|
heap
|
page read and write
|
||
|
49A000
|
unkown
|
page execute and write copy
|
||
|
4450000
|
direct allocation
|
page read and write
|
||
|
B79000
|
heap
|
page read and write
|
||
|
41A000
|
unkown
|
page execute and read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
50AD000
|
stack
|
page read and write
|
||
|
1FC000
|
unkown
|
page execute and write copy
|
||
|
492C000
|
stack
|
page read and write
|
||
|
402000
|
unkown
|
page execute and write copy
|
||
|
32FE000
|
stack
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
28FE000
|
stack
|
page read and write
|
||
|
87B000
|
stack
|
page read and write
|
||
|
3D3000
|
unkown
|
page execute and read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
37B000
|
unkown
|
page execute and write copy
|
||
|
4A90000
|
direct allocation
|
page execute and read and write
|
||
|
4A40000
|
direct allocation
|
page execute and read and write
|
||
|
36E000
|
unkown
|
page execute and write copy
|
||
|
303F000
|
stack
|
page read and write
|
||
|
4A60000
|
direct allocation
|
page execute and read and write
|
||
|
352000
|
unkown
|
page execute and read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
4461000
|
heap
|
page read and write
|
||
|
459000
|
unkown
|
page execute and read and write
|
||
|
4E2E000
|
stack
|
page read and write
|
||
|
B95000
|
heap
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
2C7F000
|
stack
|
page read and write
|
||
|
B89000
|
heap
|
page read and write
|
||
|
B0A000
|
heap
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
4450000
|
direct allocation
|
page read and write
|
||
|
394000
|
unkown
|
page execute and write copy
|
||
|
3CBF000
|
stack
|
page read and write
|
||
|
407F000
|
stack
|
page read and write
|
||
|
5480000
|
trusted library allocation
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
3DC000
|
unkown
|
page execute and read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
3E4000
|
unkown
|
page execute and write copy
|
||
|
E7E000
|
stack
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
477000
|
unkown
|
page execute and write copy
|
||
|
4461000
|
heap
|
page read and write
|
||
|
3F9000
|
unkown
|
page execute and write copy
|
||
|
48E0000
|
remote allocation
|
page read and write
|
||
|
4A50000
|
direct allocation
|
page execute and read and write
|
||
|
3E8000
|
unkown
|
page execute and read and write
|
||
|
4D8B000
|
trusted library allocation
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
4450000
|
direct allocation
|
page read and write
|
||
|
395000
|
unkown
|
page execute and read and write
|
||
|
527E000
|
stack
|
page read and write
|
||
|
2B7E000
|
stack
|
page read and write
|
||
|
36BE000
|
stack
|
page read and write
|
||
|
BA2000
|
heap
|
page read and write
|
||
|
41BF000
|
stack
|
page read and write
|
||
|
2CBE000
|
stack
|
page read and write
|
||
|
42FF000
|
stack
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
511E000
|
stack
|
page read and write
|
||
|
191000
|
unkown
|
page execute and write copy
|
||
|
429000
|
unkown
|
page execute and write copy
|
||
|
484000
|
unkown
|
page execute and read and write
|
||
|
27BD000
|
heap
|
page read and write
|
||
|
B8A000
|
heap
|
page read and write
|
||
|
48C000
|
unkown
|
page execute and write copy
|
||
|
48E0000
|
remote allocation
|
page read and write
|
||
|
4A70000
|
direct allocation
|
page execute and read and write
|
||
|
4F6F000
|
stack
|
page read and write
|
||
|
4A7C000
|
stack
|
page read and write
|
||
|
B95000
|
heap
|
page read and write
|
||
|
97B000
|
stack
|
page read and write
|
||
|
4BEE000
|
stack
|
page read and write
|
||
|
2F3E000
|
stack
|
page read and write
|
||
|
444F000
|
stack
|
page read and write
|
||
|
434E000
|
stack
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
3F7E000
|
stack
|
page read and write
|
||
|
416000
|
unkown
|
page execute and write copy
|
||
|
317F000
|
stack
|
page read and write
|
||
|
2B3F000
|
stack
|
page read and write
|
||
|
B8C000
|
heap
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
3B1000
|
unkown
|
page execute and write copy
|
||
|
BE9000
|
heap
|
page read and write
|
||
|
B87000
|
heap
|
page read and write
|
||
|
B8A000
|
heap
|
page read and write
|
||
|
49B000
|
unkown
|
page execute and write copy
|
||
|
37FE000
|
stack
|
page read and write
|
||
|
3D4000
|
unkown
|
page execute and write copy
|
||
|
4CED000
|
stack
|
page read and write
|
||
|
D7E000
|
stack
|
page read and write
|
||
|
4450000
|
direct allocation
|
page read and write
|
||
|
521F000
|
stack
|
page read and write
|
||
|
3CFE000
|
stack
|
page read and write
|
||
|
4450000
|
direct allocation
|
page read and write
|
||
|
4450000
|
direct allocation
|
page read and write
|
||
|
27AC000
|
stack
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
4450000
|
direct allocation
|
page read and write
|
||
|
48A0000
|
heap
|
page read and write
|
||
|
32BF000
|
stack
|
page read and write
|
||
|
2DBF000
|
stack
|
page read and write
|
||
|
266E000
|
stack
|
page read and write
|
||
|
48A0000
|
trusted library allocation
|
page read and write
|
||
|
3B8000
|
unkown
|
page execute and write copy
|
||
|
343E000
|
stack
|
page read and write
|
||
|
48F0000
|
direct allocation
|
page read and write
|
||
|
B62000
|
heap
|
page read and write
|
||
|
BA2000
|
heap
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
37BF000
|
stack
|
page read and write
|
||
|
4461000
|
heap
|
page read and write
|
||
|
190000
|
unkown
|
page readonly
|
||
|
3B7E000
|
stack
|
page read and write
|
||
|
48E0000
|
remote allocation
|
page read and write
|
||
|
4461000
|
heap
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
4450000
|
direct allocation
|
page read and write
|
||
|
40E000
|
unkown
|
page execute and read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
BDF000
|
heap
|
page read and write
|
||
|
B95000
|
heap
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
B79000
|
heap
|
page read and write
|
||
|
4D2E000
|
stack
|
page read and write
|
||
|
3F8000
|
unkown
|
page execute and read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
B87000
|
heap
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
4450000
|
direct allocation
|
page read and write
|
||
|
367F000
|
stack
|
page read and write
|
||
|
4461000
|
heap
|
page read and write
|
||
|
307E000
|
stack
|
page read and write
|
||
|
3DFF000
|
stack
|
page read and write
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
40A000
|
unkown
|
page execute and write copy
|
||
|
1F0000
|
unkown
|
page execute and write copy
|
||
|
484000
|
unkown
|
page execute and write copy
|
||
|
27B7000
|
heap
|
page read and write
|
||
|
4300000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
B45000
|
heap
|
page read and write
|
||
|
190000
|
unkown
|
page read and write
|
||
|
379000
|
unkown
|
page execute and write copy
|
||
|
B85000
|
heap
|
page read and write
|
||
|
41FE000
|
stack
|
page read and write
|
||
|
B48000
|
heap
|
page read and write
|
||
|
B8C000
|
heap
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
BE6000
|
heap
|
page read and write
|
||
|
B82000
|
heap
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
||
|
4D76000
|
trusted library allocation
|
page read and write
|
||
|
3E3E000
|
stack
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
B38000
|
heap
|
page read and write
|
||
|
4450000
|
direct allocation
|
page read and write
|
||
|
3BBE000
|
stack
|
page read and write
|
||
|
4D7E000
|
trusted library allocation
|
page read and write
|
||
|
C3E000
|
stack
|
page read and write
|
||
|
4460000
|
heap
|
page read and write
|
||
|
4461000
|
heap
|
page read and write
|
||
|
BD4000
|
heap
|
page read and write
|
||
|
1F0000
|
unkown
|
page execute and read and write
|
||
|
4450000
|
direct allocation
|
page read and write
|
||
|
3A3F000
|
stack
|
page read and write
|
||
|
3F3F000
|
stack
|
page read and write
|
||
|
3B6000
|
unkown
|
page execute and read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
4450000
|
direct allocation
|
page read and write
|
||
|
28BE000
|
stack
|
page read and write
|
||
|
B9C000
|
heap
|
page read and write
|
||
|
37B000
|
unkown
|
page execute and read and write
|
||
|
2A3E000
|
stack
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
3A9000
|
unkown
|
page execute and write copy
|
||
|
42D000
|
unkown
|
page execute and read and write
|
||
|
4ABB000
|
trusted library allocation
|
page read and write
|
||
|
370000
|
unkown
|
page execute and read and write
|
||
|
B82000
|
heap
|
page read and write
|
||
|
353F000
|
stack
|
page read and write
|
||
|
4461000
|
heap
|
page read and write
|
||
|
BA2000
|
heap
|
page read and write
|
||
|
D3F000
|
stack
|
page read and write
|
||
|
33FF000
|
stack
|
page read and write
|
||
|
48F0000
|
direct allocation
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
1F0000
|
unkown
|
page execute and write copy
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
4FAE000
|
stack
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
40BE000
|
stack
|
page read and write
|
||
|
4A70000
|
direct allocation
|
page execute and read and write
|
||
|
B4E000
|
heap
|
page read and write
|
||
|
2DFE000
|
stack
|
page read and write
|
||
|
3A7E000
|
stack
|
page read and write
|
||
|
3FB000
|
unkown
|
page execute and read and write
|
||
|
B8C000
|
heap
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
485000
|
unkown
|
page execute and write copy
|
||
|
48F0000
|
direct allocation
|
page read and write
|
||
|
393E000
|
stack
|
page read and write
|
||
|
BA2000
|
heap
|
page read and write
|
||
|
3BC000
|
unkown
|
page execute and read and write
|
||
|
4BAE000
|
stack
|
page read and write
|
||
|
4D66000
|
trusted library allocation
|
page read and write
|
||
|
4A80000
|
direct allocation
|
page execute and read and write
|
||
|
4450000
|
direct allocation
|
page read and write
|
||
|
B87000
|
heap
|
page read and write
|
||
|
4450000
|
direct allocation
|
page read and write
|
||
|
474000
|
unkown
|
page execute and write copy
|
||
|
4C6D000
|
trusted library allocation
|
page read and write
|
||
|
49A000
|
unkown
|
page execute and read and write
|
||
|
4AA0000
|
direct allocation
|
page execute and read and write
|
||
|
4A70000
|
direct allocation
|
page execute and read and write
|
||
|
403000
|
unkown
|
page execute and read and write
|
||
|
2EFF000
|
stack
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
4A70000
|
direct allocation
|
page execute and read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
B82000
|
heap
|
page read and write
|
||
|
4D69000
|
trusted library allocation
|
page read and write
|
||
|
B0E000
|
heap
|
page read and write
|
||
|
4A70000
|
direct allocation
|
page execute and read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
4A70000
|
direct allocation
|
page execute and read and write
|
||
|
48C000
|
unkown
|
page execute and write copy
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
3D2000
|
unkown
|
page execute and write copy
|
||
|
38FF000
|
stack
|
page read and write
|
||
|
355000
|
unkown
|
page execute and write copy
|
||
|
547F000
|
stack
|
page read and write
|
||
|
27B0000
|
heap
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
4461000
|
heap
|
page read and write
|
||
|
4E6E000
|
stack
|
page read and write
|
||
|
4C6B000
|
trusted library allocation
|
page read and write
|
||
|
5370000
|
heap
|
page read and write
|
||
|
276F000
|
stack
|
page read and write
|
||
|
B79000
|
heap
|
page read and write
|
There are 244 hidden memdumps, click here to show them.