Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_2f26e4b65edfc9809a16d7533fcfcfa7c28d99cc_852b229c_9cfab2bc-8e6f-4031-aac4-8891c7a30c58\Report.wer
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_86d780998731d44cc37040f9271b2fbde5bee817_852b229c_5ebf9abd-6ea0-4dee-b7fe-65fc2553a077\Report.wer
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER160F.tmp.dmp
|
Mini DuMP crash report, 15 streams, CheckSum 0x00000004, Mon Oct 14 01:07:22 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER16DB.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER16FB.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDC42.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon Oct 14 01:07:08 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDD7B.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDDAB.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 1992
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 1972
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://sergei-esenin.com/
|
unknown
|
|
|
|
studennotediw.store
|
|
||
|
dissapoiznw.store
|
|
||
|
https://steamcommunity.com/profiles/76561199724331900
|
104.102.49.254
|
|
|
|
eaglepawnoy.store
|
|
||
|
https://steamcommunity.com/profiles/76561199724331900/inventory/
|
unknown
|
|
|
|
https://sergei-esenin.com/e.E:
|
unknown
|
|
|
|
https://sergei-esenin.com:443/api
|
unknown
|
|
|
|
https://sergei-esenin.com/pi
|
unknown
|
|
|
|
https://sergei-esenin.com/em
|
unknown
|
|
|
|
https://sergei-esenin.com/apiU
|
unknown
|
|
|
|
bathdoomgaz.store
|
|
||
|
clearancek.site
|
|
||
|
https://sergei-esenin.com/api6
|
unknown
|
|
|
|
spirittunek.store
|
|
||
|
licendfilteo.site
|
|
||
|
https://www.cloudflare.com/learning/access-management/phishing-attack/
|
unknown
|
||
|
https://player.vimeo.com
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&
|
unknown
|
||
|
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
|
unknown
|
||
|
https://steamcommunity.com/?subsection=broadcasts
|
unknown
|
||
|
https://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://www.gstatic.cn/recaptcha/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
|
unknown
|
||
|
http://www.valvesoftware.com/legal.htm
|
unknown
|
||
|
https://www.youtube.com
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
|
unknown
|
||
|
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi
|
unknown
|
||
|
https://s.ytimg.com;
|
unknown
|
||
|
https://steam.tv/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
|
unknown
|
||
|
https://steamcommunity.com/d
|
unknown
|
||
|
http://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://store.steampowered.com/points/shop/
|
unknown
|
||
|
https://www.cloudflare.com
|
unknown
|
||
|
https://sketchfab.com
|
unknown
|
||
|
https://lv.queniujq.cn
|
unknown
|
||
|
https://www.youtube.com/
|
unknown
|
||
|
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
|
unknown
|
||
|
https://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://www.cloudflare.com/5xx-error-landing
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/share
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
|
unknown
|
||
|
https://www.google.com/recaptcha/
|
unknown
|
||
|
https://checkout.steampowered.com/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
|
unknown
|
||
|
https://avatars.akamai.steamstatic
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
|
unknown
|
||
|
https://store.steampowered.com/;
|
unknown
|
||
|
https://store.steampowered.com/about/
|
unknown
|
||
|
https://steamcommunity.com/my/wishlist/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
|
unknown
|
||
|
https://help.steampowered.com/en/
|
unknown
|
||
|
https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
|
unknown
|
||
|
https://steamcommunity.com/market/
|
unknown
|
||
|
https://store.steampowered.com/news/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/
|
unknown
|
||
|
http://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
|
unknown
|
||
|
https://recaptcha.net/recaptcha/;
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
|
unknown
|
||
|
https://steamcommunity.com/discussions/
|
unknown
|
||
|
https://store.steampowered.com/stats/
|
unknown
|
||
|
https://medal.tv
|
unknown
|
||
|
https://broadcast.st.dl.eccdnx.com
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
|
unknown
|
||
|
https://store.steampowered.com/steam_refunds/
|
unknown
|
||
|
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
|
unknown
|
||
|
https://steamcommunity.com/I
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e
|
unknown
|
||
|
https://store.steampowered.com/subscriber_ag
|
unknown
|
||
|
https://steamcommunity.com/workshop/
|
unknown
|
||
|
https://login.steampowered.com/
|
unknown
|
||
|
https://store.steampowered.com/legal/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
|
unknown
|
||
|
https://recaptcha.net
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://store.steampowered.com/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
|
unknown
|
||
|
http://127.0.0.1:27060
|
unknown
|
||
|
https://store.steampowered.com/steam_r
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/sh
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
|
unknown
|
||
|
https://store.steampowered.com/u:
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
steamcommunity.com
|
104.102.49.254
|
|
|
|
sergei-esenin.com
|
172.67.206.204
|
|
|
|
eaglepawnoy.store
|
unknown
|
|
|
|
bathdoomgaz.store
|
unknown
|
|
|
|
spirittunek.store
|
unknown
|
|
|
|
licendfilteo.site
|
unknown
|
|
|
|
studennotediw.store
|
unknown
|
|
|
|
mobbipenju.store
|
unknown
|
|
|
|
clearancek.site
|
unknown
|
|
|
|
dissapoiznw.store
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.102.49.254
|
steamcommunity.com
|
United States
|
|
|
|
172.67.206.204
|
sergei-esenin.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{729483ed-40de-d504-8818-2e012436bc64}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
ProgramId
|
|
|
|
\REGISTRY\A\{729483ed-40de-d504-8818-2e012436bc64}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
FileId
|
|
|
|
\REGISTRY\A\{729483ed-40de-d504-8818-2e012436bc64}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
LowerCaseLongPath
|
|
|
|
\REGISTRY\A\{729483ed-40de-d504-8818-2e012436bc64}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
LongPathHash
|
|
|
|
\REGISTRY\A\{729483ed-40de-d504-8818-2e012436bc64}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Name
|
|
|
|
\REGISTRY\A\{729483ed-40de-d504-8818-2e012436bc64}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
OriginalFileName
|
|
|
|
\REGISTRY\A\{729483ed-40de-d504-8818-2e012436bc64}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Publisher
|
|
|
|
\REGISTRY\A\{729483ed-40de-d504-8818-2e012436bc64}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Version
|
|
|
|
\REGISTRY\A\{729483ed-40de-d504-8818-2e012436bc64}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
BinFileVersion
|
|
|
|
\REGISTRY\A\{729483ed-40de-d504-8818-2e012436bc64}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
BinaryType
|
|
|
|
\REGISTRY\A\{729483ed-40de-d504-8818-2e012436bc64}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
ProductName
|
|
|
|
\REGISTRY\A\{729483ed-40de-d504-8818-2e012436bc64}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
ProductVersion
|
|
|
|
\REGISTRY\A\{729483ed-40de-d504-8818-2e012436bc64}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
LinkDate
|
|
|
|
\REGISTRY\A\{729483ed-40de-d504-8818-2e012436bc64}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
BinProductVersion
|
|
|
|
\REGISTRY\A\{729483ed-40de-d504-8818-2e012436bc64}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
AppxPackageFullName
|
|
|
|
\REGISTRY\A\{729483ed-40de-d504-8818-2e012436bc64}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
AppxPackageRelativeId
|
|
|
|
\REGISTRY\A\{729483ed-40de-d504-8818-2e012436bc64}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Size
|
|
|
|
\REGISTRY\A\{729483ed-40de-d504-8818-2e012436bc64}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Language
|
|
|
|
\REGISTRY\A\{729483ed-40de-d504-8818-2e012436bc64}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Usn
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
00188010C5543AD0
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
There are 13 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
901000
|
unkown
|
page execute and read and write
|
|
|
|
45AE000
|
stack
|
page read and write
|
||
|
900000
|
unkown
|
page readonly
|
||
|
AE1000
|
unkown
|
page execute and write copy
|
||
|
B56000
|
unkown
|
page execute and write copy
|
||
|
5278000
|
trusted library allocation
|
page read and write
|
||
|
B25000
|
unkown
|
page execute and read and write
|
||
|
5090000
|
direct allocation
|
page execute and read and write
|
||
|
4F00000
|
remote allocation
|
page read and write
|
||
|
4F00000
|
remote allocation
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
548E000
|
stack
|
page read and write
|
||
|
B65000
|
unkown
|
page execute and write copy
|
||
|
5070000
|
direct allocation
|
page execute and read and write
|
||
|
96C000
|
unkown
|
page execute and write copy
|
||
|
534E000
|
stack
|
page read and write
|
||
|
B81000
|
unkown
|
page execute and write copy
|
||
|
1054000
|
heap
|
page read and write
|
||
|
55CD000
|
stack
|
page read and write
|
||
|
50C0000
|
direct allocation
|
page execute and read and write
|
||
|
51CE000
|
stack
|
page read and write
|
||
|
2F2E000
|
stack
|
page read and write
|
||
|
4A70000
|
direct allocation
|
page read and write
|
||
|
4A81000
|
heap
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
5090000
|
direct allocation
|
page execute and read and write
|
||
|
B63000
|
unkown
|
page execute and write copy
|
||
|
126E000
|
stack
|
page read and write
|
||
|
BD9000
|
unkown
|
page execute and read and write
|
||
|
4A81000
|
heap
|
page read and write
|
||
|
392E000
|
stack
|
page read and write
|
||
|
960000
|
unkown
|
page execute and write copy
|
||
|
900000
|
unkown
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
AC6000
|
unkown
|
page execute and read and write
|
||
|
583F000
|
stack
|
page read and write
|
||
|
5090000
|
direct allocation
|
page execute and read and write
|
||
|
38EF000
|
stack
|
page read and write
|
||
|
4A81000
|
heap
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
5090000
|
direct allocation
|
page execute and read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
B17000
|
unkown
|
page execute and read and write
|
||
|
4A70000
|
direct allocation
|
page read and write
|
||
|
33EF000
|
stack
|
page read and write
|
||
|
32AF000
|
stack
|
page read and write
|
||
|
4A6F000
|
stack
|
page read and write
|
||
|
BED000
|
unkown
|
page execute and write copy
|
||
|
4A70000
|
direct allocation
|
page read and write
|
||
|
2C8E000
|
stack
|
page read and write
|
||
|
573E000
|
stack
|
page read and write
|
||
|
4A80000
|
heap
|
page read and write
|
||
|
3F2F000
|
stack
|
page read and write
|
||
|
B11000
|
unkown
|
page execute and write copy
|
||
|
1054000
|
heap
|
page read and write
|
||
|
B3D000
|
unkown
|
page execute and write copy
|
||
|
BD5000
|
unkown
|
page execute and write copy
|
||
|
3A6E000
|
stack
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
10A3000
|
heap
|
page read and write
|
||
|
BDF000
|
unkown
|
page execute and write copy
|
||
|
ADA000
|
unkown
|
page execute and read and write
|
||
|
115A000
|
heap
|
page read and write
|
||
|
5080000
|
direct allocation
|
page execute and read and write
|
||
|
115D000
|
heap
|
page read and write
|
||
|
B43000
|
unkown
|
page execute and write copy
|
||
|
B9B000
|
unkown
|
page execute and write copy
|
||
|
113F000
|
heap
|
page read and write
|
||
|
59DE000
|
stack
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
4A81000
|
heap
|
page read and write
|
||
|
342E000
|
stack
|
page read and write
|
||
|
B71000
|
unkown
|
page execute and write copy
|
||
|
3A2F000
|
stack
|
page read and write
|
||
|
10EF000
|
heap
|
page read and write
|
||
|
4A81000
|
heap
|
page read and write
|
||
|
B1F000
|
unkown
|
page execute and write copy
|
||
|
2E27000
|
heap
|
page read and write
|
||
|
AFA000
|
unkown
|
page execute and write copy
|
||
|
5060000
|
direct allocation
|
page execute and read and write
|
||
|
3DEF000
|
stack
|
page read and write
|
||
|
1142000
|
heap
|
page read and write
|
||
|
32EE000
|
stack
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
3CAF000
|
stack
|
page read and write
|
||
|
2E2D000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
960000
|
unkown
|
page execute and read and write
|
||
|
1142000
|
heap
|
page read and write
|
||
|
10E3000
|
heap
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
5090000
|
direct allocation
|
page execute and read and write
|
||
|
4F10000
|
direct allocation
|
page read and write
|
||
|
10C2000
|
heap
|
page read and write
|
||
|
10A1000
|
heap
|
page read and write
|
||
|
BED000
|
unkown
|
page execute and read and write
|
||
|
352F000
|
stack
|
page read and write
|
||
|
4A81000
|
heap
|
page read and write
|
||
|
B59000
|
unkown
|
page execute and read and write
|
||
|
AEC000
|
unkown
|
page execute and read and write
|
||
|
4F00000
|
remote allocation
|
page read and write
|
||
|
AD6000
|
unkown
|
page execute and read and write
|
||
|
50A0000
|
direct allocation
|
page execute and read and write
|
||
|
4A81000
|
heap
|
page read and write
|
||
|
446E000
|
stack
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
50B0000
|
direct allocation
|
page execute and read and write
|
||
|
504F000
|
stack
|
page read and write
|
||
|
10AE000
|
heap
|
page read and write
|
||
|
BF5000
|
unkown
|
page execute and write copy
|
||
|
42EF000
|
stack
|
page read and write
|
||
|
B26000
|
unkown
|
page execute and write copy
|
||
|
4A70000
|
direct allocation
|
page read and write
|
||
|
C04000
|
unkown
|
page execute and write copy
|
||
|
4A70000
|
direct allocation
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
356E000
|
stack
|
page read and write
|
||
|
492F000
|
stack
|
page read and write
|
||
|
31AE000
|
stack
|
page read and write
|
||
|
B79000
|
unkown
|
page execute and read and write
|
||
|
4F10000
|
direct allocation
|
page read and write
|
||
|
544E000
|
stack
|
page read and write
|
||
|
B68000
|
unkown
|
page execute and read and write
|
||
|
136E000
|
stack
|
page read and write
|
||
|
10C6000
|
heap
|
page read and write
|
||
|
109F000
|
heap
|
page read and write
|
||
|
4A70000
|
direct allocation
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
10F3000
|
heap
|
page read and write
|
||
|
B78000
|
unkown
|
page execute and write copy
|
||
|
46AF000
|
stack
|
page read and write
|
||
|
B2A000
|
unkown
|
page execute and read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
432E000
|
stack
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
B12000
|
unkown
|
page execute and read and write
|
||
|
B55000
|
unkown
|
page execute and read and write
|
||
|
BBF000
|
unkown
|
page execute and read and write
|
||
|
B64000
|
unkown
|
page execute and read and write
|
||
|
520D000
|
stack
|
page read and write
|
||
|
BD6000
|
unkown
|
page execute and read and write
|
||
|
AE1000
|
unkown
|
page execute and read and write
|
||
|
36AE000
|
stack
|
page read and write
|
||
|
4A70000
|
direct allocation
|
page read and write
|
||
|
B16000
|
unkown
|
page execute and write copy
|
||
|
10F3000
|
heap
|
page read and write
|
||
|
B84000
|
unkown
|
page execute and read and write
|
||
|
482E000
|
stack
|
page read and write
|
||
|
2D8F000
|
stack
|
page read and write
|
||
|
41AE000
|
stack
|
page read and write
|
||
|
4A70000
|
direct allocation
|
page read and write
|
||
|
37AF000
|
stack
|
page read and write
|
||
|
41EE000
|
stack
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
4A70000
|
direct allocation
|
page read and write
|
||
|
442F000
|
stack
|
page read and write
|
||
|
5B20000
|
trusted library allocation
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
BEE000
|
unkown
|
page execute and write copy
|
||
|
10E3000
|
heap
|
page read and write
|
||
|
530D000
|
stack
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
456F000
|
stack
|
page read and write
|
||
|
AF9000
|
unkown
|
page execute and read and write
|
||
|
1105000
|
heap
|
page read and write
|
||
|
3B6F000
|
stack
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
10FC000
|
heap
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
4EC0000
|
trusted library allocation
|
page read and write
|
||
|
597E000
|
stack
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
5384000
|
trusted library allocation
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
316F000
|
stack
|
page read and write
|
||
|
2DCB000
|
stack
|
page read and write
|
||
|
B54000
|
unkown
|
page execute and write copy
|
||
|
37EE000
|
stack
|
page read and write
|
||
|
59F0000
|
heap
|
page read and write
|
||
|
4A70000
|
direct allocation
|
page read and write
|
||
|
3F6E000
|
stack
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
558F000
|
stack
|
page read and write
|
||
|
4F4C000
|
stack
|
page read and write
|
||
|
106E000
|
heap
|
page read and write
|
||
|
10A5000
|
heap
|
page read and write
|
||
|
C04000
|
unkown
|
page execute and read and write
|
||
|
BF5000
|
unkown
|
page execute and write copy
|
||
|
106A000
|
heap
|
page read and write
|
||
|
114C000
|
heap
|
page read and write
|
||
|
40AE000
|
stack
|
page read and write
|
||
|
366F000
|
stack
|
page read and write
|
||
|
5376000
|
trusted library allocation
|
page read and write
|
||
|
14AE000
|
stack
|
page read and write
|
||
|
2E10000
|
heap
|
page read and write
|
||
|
302F000
|
stack
|
page read and write
|
||
|
4A81000
|
heap
|
page read and write
|
||
|
46EE000
|
stack
|
page read and write
|
||
|
539A000
|
trusted library allocation
|
page read and write
|
||
|
B77000
|
unkown
|
page execute and read and write
|
||
|
10C6000
|
heap
|
page read and write
|
||
|
1105000
|
heap
|
page read and write
|
||
|
13AE000
|
stack
|
page read and write
|
||
|
AFD000
|
unkown
|
page execute and read and write
|
||
|
56CD000
|
stack
|
page read and write
|
||
|
4A70000
|
direct allocation
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
BD7000
|
unkown
|
page execute and write copy
|
||
|
1054000
|
heap
|
page read and write
|
||
|
4A70000
|
direct allocation
|
page read and write
|
||
|
B4D000
|
unkown
|
page execute and read and write
|
||
|
AEB000
|
unkown
|
page execute and write copy
|
||
|
47EF000
|
stack
|
page read and write
|
||
|
D9B000
|
stack
|
page read and write
|
||
|
10FB000
|
heap
|
page read and write
|
||
|
5090000
|
direct allocation
|
page execute and read and write
|
||
|
B9C000
|
unkown
|
page execute and read and write
|
||
|
3CEE000
|
stack
|
page read and write
|
||
|
4A70000
|
direct allocation
|
page read and write
|
||
|
587E000
|
stack
|
page read and write
|
||
|
C9B000
|
stack
|
page read and write
|
||
|
406F000
|
stack
|
page read and write
|
||
|
B42000
|
unkown
|
page execute and read and write
|
||
|
3E2E000
|
stack
|
page read and write
|
||
|
113B000
|
heap
|
page read and write
|
||
|
C05000
|
unkown
|
page execute and write copy
|
||
|
2E0E000
|
stack
|
page read and write
|
||
|
3BAE000
|
stack
|
page read and write
|
||
|
1098000
|
heap
|
page read and write
|
||
|
306E000
|
stack
|
page read and write
|
||
|
901000
|
unkown
|
page execute and write copy
|
||
|
538C000
|
trusted library allocation
|
page read and write
|
||
|
509D000
|
stack
|
page read and write
|
||
|
113A000
|
heap
|
page read and write
|
||
|
1145000
|
heap
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
AC8000
|
unkown
|
page execute and write copy
|
||
|
4A70000
|
direct allocation
|
page read and write
|
||
|
4F10000
|
direct allocation
|
page read and write
|
||
|
4EC0000
|
heap
|
page read and write
|
||
|
5AFF000
|
stack
|
page read and write
|
||
|
AF7000
|
unkown
|
page execute and write copy
|
||
|
50D0000
|
trusted library allocation
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
AD7000
|
unkown
|
page execute and write copy
|
||
|
496E000
|
stack
|
page read and write
|
There are 239 hidden memdumps, click here to show them.