Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SoftWare(2).exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SoftWare(2).exe_546ea742dd48f46178dbb2b915245098904dcb1_95a35aca_fd133525-3c5c-41ae-bc01-a4509b427ecd\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SoftWare(2).exe_8ee5b464331c84393527985073a16c78d63b1b_95a35aca_209ad8ac-ebfc-4dd4-bc55-8141efb30f65\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SoftWare(2).exe_99eff584d7ae45d9eb7f2942b6104d7821b2b7b5_2927e4e7_43c31aa8-2cfa-4cc4-9dd5-bf9c1b22ee4c\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1064.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon Oct 14 03:02:09 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER117E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER11AE.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2D23.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon Oct 14 03:02:16 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2F47.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2F96.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE3D5.tmp.dmp
|
Mini DuMP crash report, 14 streams, Mon Oct 14 03:01:58 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE619.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE648.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SoftWare(2).exe
|
"C:\Users\user\Desktop\SoftWare(2).exe"
|
|
|
|
C:\Users\user\Desktop\SoftWare(2).exe
|
"C:\Users\user\Desktop\SoftWare(2).exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 308
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 1656
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 1712
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
enlargkiw.sbs
|
|
||
|
allocatinow.sbs
|
|
||
|
drawwyobstacw.sbs
|
|
||
|
mathcucom.sbs
|
|
||
|
https://steamcommunity.com/profiles/76561199724331900
|
104.102.49.254
|
|
|
|
https://vennurviot.sbs/api
|
172.67.140.193
|
|
|
|
https://steamcommunity.com/profiles/76561199724331900/inventory/
|
unknown
|
|
|
|
ehticsprocw.sbs
|
|
||
|
condifendteu.sbs
|
|
||
|
https://drawwyobstacw.sbs/api
|
188.114.97.3
|
|
|
|
bleedminejw.buzz
|
|
||
|
https://resinedyw.sbs/api
|
104.21.77.78
|
|
|
|
https://mathcucom.sbs/api
|
188.114.97.3
|
|
|
|
resinedyw.sbs
|
|
||
|
https://www.cloudflare.com/learning/access-management/phishing-attack/
|
unknown
|
||
|
https://player.vimeo.com
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&
|
unknown
|
||
|
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
|
unknown
|
||
|
https://steamcommunity.com/?subsection=broadcasts
|
unknown
|
||
|
https://sergei-esenin.com/
|
unknown
|
||
|
https://steamcommunity.com/Z-
|
unknown
|
||
|
https://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://www.gstatic.cn/recaptcha/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
|
unknown
|
||
|
http://www.valvesoftware.com/legal.htm
|
unknown
|
||
|
https://www.youtube.com
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
|
unknown
|
||
|
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
|
unknown
|
||
|
https://drawwyobstacw.sbs:443/api
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi
|
unknown
|
||
|
https://s.ytimg.com;
|
unknown
|
||
|
https://steam.tv/
|
unknown
|
||
|
https://ehticsprocw.sbs/api07
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
|
unknown
|
||
|
http://www.entrust.net/rpa03
|
unknown
|
||
|
http://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://store.steampowered.com/points/shop/
|
unknown
|
||
|
https://sketchfab.com
|
unknown
|
||
|
https://lv.queniujq.cn
|
unknown
|
||
|
https://www.youtube.com/
|
unknown
|
||
|
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
|
unknown
|
||
|
https://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://www.cloudflare.com/5xx-error-landing
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
|
unknown
|
||
|
https://www.google.com/recaptcha/
|
unknown
|
||
|
https://checkout.steampowered.com/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
|
unknown
|
||
|
https://avatars.akamai.steamstatic
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
|
unknown
|
||
|
https://store.steampowered.com/;
|
unknown
|
||
|
https://www.entrust.net/rpa0
|
unknown
|
||
|
https://store.steampowered.com/about/
|
unknown
|
||
|
https://steamcommunity.com/my/wishlist/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://ocsp.entrust.net02
|
unknown
|
||
|
https://help.steampowered.com/en/
|
unknown
|
||
|
https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
|
unknown
|
||
|
https://steamcommunity.com/market/
|
unknown
|
||
|
https://store.steampowered.com/news/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/
|
unknown
|
||
|
http://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
|
unknown
|
||
|
https://recaptcha.net/recaptcha/;
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
|
unknown
|
||
|
https://steamcommunity.com/discussions/
|
unknown
|
||
|
https://store.steampowered.com/stats/
|
unknown
|
||
|
https://sergei-esenin.com/api=
|
unknown
|
||
|
https://medal.tv
|
unknown
|
||
|
https://broadcast.st.dl.eccdnx.com
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
|
unknown
|
||
|
https://store.steampowered.com/steam_refunds/
|
unknown
|
||
|
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
|
unknown
|
||
|
https://sergei-esenin.com/api2
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e
|
unknown
|
||
|
https://www.cloudflare.com/learning/access-managction
|
unknown
|
||
|
http://crl.entrust.net/ts1ca.crl0
|
unknown
|
||
|
https://steamcommunity.com/workshop/
|
unknown
|
||
|
https://login.steampowered.com/
|
unknown
|
||
|
https://store.steampowered.com/legal/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
|
unknown
|
||
|
https://recaptcha.net
|
unknown
|
||
|
http://aia.entrust.net/ts1-chain256.cer01
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://store.steampowered.com/
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
condifendteu.sbs
|
172.67.141.136
|
|
|
|
steamcommunity.com
|
104.102.49.254
|
|
|
|
vennurviot.sbs
|
172.67.140.193
|
|
|
|
drawwyobstacw.sbs
|
188.114.97.3
|
|
|
|
mathcucom.sbs
|
188.114.97.3
|
|
|
|
sergei-esenin.com
|
172.67.206.204
|
|
|
|
ehticsprocw.sbs
|
104.21.30.221
|
|
|
|
resinedyw.sbs
|
104.21.77.78
|
|
|
|
enlargkiw.sbs
|
172.67.152.13
|
|
|
|
allocatinow.sbs
|
unknown
|
|
|
|
bleedminejw.buzz
|
unknown
|
|
There are 1 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.97.3
|
drawwyobstacw.sbs
|
European Union
|
|
|
|
172.67.152.13
|
enlargkiw.sbs
|
United States
|
|
|
|
104.21.30.221
|
ehticsprocw.sbs
|
United States
|
|
|
|
172.67.141.136
|
condifendteu.sbs
|
United States
|
|
|
|
104.102.49.254
|
steamcommunity.com
|
United States
|
|
|
|
172.67.140.193
|
vennurviot.sbs
|
United States
|
|
|
|
104.21.77.78
|
resinedyw.sbs
|
United States
|
|
|
|
172.67.206.204
|
sergei-esenin.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{dbeb148c-141d-e44e-6fae-f4fb2c5825ea}\Root\InventoryApplicationFile\software(2).exe|426d304274bd1f2b
|
ProgramId
|
||
|
\REGISTRY\A\{dbeb148c-141d-e44e-6fae-f4fb2c5825ea}\Root\InventoryApplicationFile\software(2).exe|426d304274bd1f2b
|
FileId
|
||
|
\REGISTRY\A\{dbeb148c-141d-e44e-6fae-f4fb2c5825ea}\Root\InventoryApplicationFile\software(2).exe|426d304274bd1f2b
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{dbeb148c-141d-e44e-6fae-f4fb2c5825ea}\Root\InventoryApplicationFile\software(2).exe|426d304274bd1f2b
|
LongPathHash
|
||
|
\REGISTRY\A\{dbeb148c-141d-e44e-6fae-f4fb2c5825ea}\Root\InventoryApplicationFile\software(2).exe|426d304274bd1f2b
|
Name
|
||
|
\REGISTRY\A\{dbeb148c-141d-e44e-6fae-f4fb2c5825ea}\Root\InventoryApplicationFile\software(2).exe|426d304274bd1f2b
|
OriginalFileName
|
||
|
\REGISTRY\A\{dbeb148c-141d-e44e-6fae-f4fb2c5825ea}\Root\InventoryApplicationFile\software(2).exe|426d304274bd1f2b
|
Publisher
|
||
|
\REGISTRY\A\{dbeb148c-141d-e44e-6fae-f4fb2c5825ea}\Root\InventoryApplicationFile\software(2).exe|426d304274bd1f2b
|
Version
|
||
|
\REGISTRY\A\{dbeb148c-141d-e44e-6fae-f4fb2c5825ea}\Root\InventoryApplicationFile\software(2).exe|426d304274bd1f2b
|
BinFileVersion
|
||
|
\REGISTRY\A\{dbeb148c-141d-e44e-6fae-f4fb2c5825ea}\Root\InventoryApplicationFile\software(2).exe|426d304274bd1f2b
|
BinaryType
|
||
|
\REGISTRY\A\{dbeb148c-141d-e44e-6fae-f4fb2c5825ea}\Root\InventoryApplicationFile\software(2).exe|426d304274bd1f2b
|
ProductName
|
||
|
\REGISTRY\A\{dbeb148c-141d-e44e-6fae-f4fb2c5825ea}\Root\InventoryApplicationFile\software(2).exe|426d304274bd1f2b
|
ProductVersion
|
||
|
\REGISTRY\A\{dbeb148c-141d-e44e-6fae-f4fb2c5825ea}\Root\InventoryApplicationFile\software(2).exe|426d304274bd1f2b
|
LinkDate
|
||
|
\REGISTRY\A\{dbeb148c-141d-e44e-6fae-f4fb2c5825ea}\Root\InventoryApplicationFile\software(2).exe|426d304274bd1f2b
|
BinProductVersion
|
||
|
\REGISTRY\A\{dbeb148c-141d-e44e-6fae-f4fb2c5825ea}\Root\InventoryApplicationFile\software(2).exe|426d304274bd1f2b
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{dbeb148c-141d-e44e-6fae-f4fb2c5825ea}\Root\InventoryApplicationFile\software(2).exe|426d304274bd1f2b
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{dbeb148c-141d-e44e-6fae-f4fb2c5825ea}\Root\InventoryApplicationFile\software(2).exe|426d304274bd1f2b
|
Size
|
||
|
\REGISTRY\A\{dbeb148c-141d-e44e-6fae-f4fb2c5825ea}\Root\InventoryApplicationFile\software(2).exe|426d304274bd1f2b
|
Language
|
||
|
\REGISTRY\A\{dbeb148c-141d-e44e-6fae-f4fb2c5825ea}\Root\InventoryApplicationFile\software(2).exe|426d304274bd1f2b
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
001840100DEB7AB3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
There are 13 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
79B000
|
unkown
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
2C3E000
|
stack
|
page read and write
|
||
|
F4D000
|
heap
|
page read and write
|
||
|
FCE000
|
heap
|
page read and write
|
||
|
791000
|
unkown
|
page readonly
|
||
|
791000
|
unkown
|
page readonly
|
||
|
F63000
|
heap
|
page read and write
|
||
|
F4D000
|
heap
|
page read and write
|
||
|
FDC000
|
heap
|
page read and write
|
||
|
FF5000
|
heap
|
page read and write
|
||
|
FD5000
|
heap
|
page read and write
|
||
|
FDE000
|
heap
|
page read and write
|
||
|
FF8000
|
heap
|
page read and write
|
||
|
F64000
|
heap
|
page read and write
|
||
|
2D7D000
|
stack
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
791000
|
unkown
|
page readonly
|
||
|
F4D000
|
heap
|
page read and write
|
||
|
36EE000
|
stack
|
page read and write
|
||
|
FDF000
|
heap
|
page read and write
|
||
|
EFE000
|
heap
|
page read and write
|
||
|
2AA0000
|
remote allocation
|
page read and write
|
||
|
2D3F000
|
stack
|
page read and write
|
||
|
2BFD000
|
stack
|
page read and write
|
||
|
F63000
|
heap
|
page read and write
|
||
|
37E0000
|
heap
|
page read and write
|
||
|
FDE000
|
heap
|
page read and write
|
||
|
EBE000
|
stack
|
page read and write
|
||
|
FF8000
|
heap
|
page read and write
|
||
|
119E000
|
stack
|
page read and write
|
||
|
F63000
|
heap
|
page read and write
|
||
|
FF5000
|
heap
|
page read and write
|
||
|
35ED000
|
stack
|
page read and write
|
||
|
770000
|
unkown
|
page readonly
|
||
|
FDE000
|
heap
|
page read and write
|
||
|
343E000
|
stack
|
page read and write
|
||
|
35AF000
|
stack
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
2B9D000
|
stack
|
page read and write
|
||
|
F65000
|
heap
|
page read and write
|
||
|
E7E000
|
stack
|
page read and write
|
||
|
FF8000
|
heap
|
page read and write
|
||
|
FE4000
|
heap
|
page read and write
|
||
|
105E000
|
stack
|
page read and write
|
||
|
FF4000
|
heap
|
page read and write
|
||
|
FF4000
|
heap
|
page read and write
|
||
|
770000
|
unkown
|
page readonly
|
||
|
2AFE000
|
stack
|
page read and write
|
||
|
2AA0000
|
remote allocation
|
page read and write
|
||
|
12BE000
|
stack
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
ABC000
|
stack
|
page read and write
|
||
|
FD5000
|
heap
|
page read and write
|
||
|
FA2000
|
heap
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
FDF000
|
heap
|
page read and write
|
||
|
FD7000
|
heap
|
page read and write
|
||
|
FD5000
|
heap
|
page read and write
|
||
|
F4D000
|
heap
|
page read and write
|
||
|
771000
|
unkown
|
page execute read
|
||
|
F3C000
|
heap
|
page read and write
|
||
|
791000
|
unkown
|
page readonly
|
||
|
FCE000
|
heap
|
page read and write
|
||
|
2A65000
|
trusted library allocation
|
page read and write
|
||
|
129E000
|
stack
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
79B000
|
unkown
|
page write copy
|
||
|
F48000
|
heap
|
page read and write
|
||
|
2E7D000
|
stack
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
FA2000
|
heap
|
page read and write
|
||
|
EFA000
|
heap
|
page read and write
|
||
|
7F0000
|
unkown
|
page readonly
|
||
|
ADB000
|
stack
|
page read and write
|
||
|
11BF000
|
stack
|
page read and write
|
||
|
34AE000
|
stack
|
page read and write
|
||
|
38EF000
|
stack
|
page read and write
|
||
|
FDE000
|
heap
|
page read and write
|
||
|
333D000
|
stack
|
page read and write
|
||
|
458000
|
remote allocation
|
page execute and read and write
|
||
|
7EE000
|
unkown
|
page read and write
|
||
|
FDE000
|
heap
|
page read and write
|
||
|
374E000
|
stack
|
page read and write
|
||
|
F63000
|
heap
|
page read and write
|
||
|
FDC000
|
heap
|
page read and write
|
||
|
FDC000
|
heap
|
page read and write
|
||
|
2A9C000
|
stack
|
page read and write
|
||
|
FA2000
|
heap
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
7F0000
|
unkown
|
page readonly
|
||
|
2AA0000
|
remote allocation
|
page read and write
|
||
|
79B000
|
unkown
|
page write copy
|
||
|
771000
|
unkown
|
page execute read
|
||
|
7F0000
|
unkown
|
page readonly
|
||
|
F47000
|
heap
|
page read and write
|
||
|
BDB000
|
stack
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
38F0000
|
trusted library allocation
|
page read and write
|
||
|
FCE000
|
heap
|
page read and write
|
||
|
770000
|
unkown
|
page readonly
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
FD9000
|
heap
|
page read and write
|
||
|
7EC000
|
unkown
|
page execute and read and write
|
||
|
BBD000
|
stack
|
page read and write
|
||
|
7F0000
|
unkown
|
page readonly
|
||
|
F64000
|
heap
|
page read and write
|
||
|
F28000
|
heap
|
page read and write
|
||
|
2EBD000
|
stack
|
page read and write
|
||
|
FDC000
|
heap
|
page read and write
|
||
|
FE6000
|
heap
|
page read and write
|
||
|
F66000
|
heap
|
page read and write
|
||
|
E45000
|
heap
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
F47000
|
heap
|
page read and write
|
||
|
770000
|
unkown
|
page readonly
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
FD7000
|
heap
|
page read and write
|
||
|
79B000
|
unkown
|
page write copy
|
||
|
FDC000
|
heap
|
page read and write
|
||
|
FF8000
|
heap
|
page read and write
|
||
|
FD7000
|
heap
|
page read and write
|
||
|
771000
|
unkown
|
page execute read
|
||
|
771000
|
unkown
|
page execute read
|
||
|
115F000
|
stack
|
page read and write
|
||
|
2FBE000
|
stack
|
page read and write
|
||
|
FA2000
|
heap
|
page read and write
|
There are 121 hidden memdumps, click here to show them.