Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_10ade8c62e1e5b932c9965c096b42c43be687_852b229c_5b3260ed-724a-42b7-8cd0-f6e1e5b02db9\Report.wer
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_51d3ab169e1892723c87a9e6928df66633d59e12_852b229c_53dca978-770f-4bbd-b782-bf3ee498f1fa\Report.wer
|
data
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER14D.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER16E.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER72.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon Oct 14 04:02:34 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB9A5.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon Oct 14 04:02:17 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC00E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC07D.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 1900
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 1916
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 1952
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
studennotediw.store
|
|
||
|
dissapoiznw.store
|
|
||
|
https://steamcommunity.com/profiles/76561199724331900
|
104.102.49.254
|
|
|
|
eaglepawnoy.store
|
|
||
|
https://steamcommunity.com/profiles/76561199724331900/inventory/
|
unknown
|
|
|
|
https://sergei-esenin.com:443/apifiles/76561199724331900
|
unknown
|
|
|
|
https://sergei-esenin.com:443/api
|
unknown
|
|
|
|
bathdoomgaz.store
|
|
||
|
clearancek.site
|
|
||
|
spirittunek.store
|
|
||
|
licendfilteo.site
|
|
||
|
mobbipenju.store
|
|
||
|
https://sergei-esenin.com/api
|
172.67.206.204
|
|
|
|
https://www.cloudflare.com/learning/access-management/phishing-attack/
|
unknown
|
||
|
https://player.vimeo.com
|
unknown
|
||
|
https://licendfilteo.site:443/apiq
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&
|
unknown
|
||
|
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
|
unknown
|
||
|
https://steamcommunity.com/?subsection=broadcasts
|
unknown
|
||
|
https://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://www.gstatic.cn/recaptcha/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
|
unknown
|
||
|
http://www.valvesoftware.com/legal.htm
|
unknown
|
||
|
https://www.youtube.com
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
|
unknown
|
||
|
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi
|
unknown
|
||
|
https://s.ytimg.com;
|
unknown
|
||
|
https://eaglepawnoy.store:443/api
|
unknown
|
||
|
https://steam.tv/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
|
unknown
|
||
|
http://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://store.steampowered.com/points/shop/
|
unknown
|
||
|
https://sketchfab.com
|
unknown
|
||
|
https://lv.queniujq.cn
|
unknown
|
||
|
https://www.youtube.com/
|
unknown
|
||
|
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
|
unknown
|
||
|
https://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://www.cloudflare.com/5xx-error-landing
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
|
unknown
|
||
|
https://www.google.com/recaptcha/
|
unknown
|
||
|
https://checkout.steampowered.com/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
|
unknown
|
||
|
https://avatars.akamai.steamstatic
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
|
unknown
|
||
|
https://store.steampowered.com/;
|
unknown
|
||
|
https://store.steampowered.com/about/
|
unknown
|
||
|
https://steamcommunity.com/my/wishlist/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
|
unknown
|
||
|
https://help.steampowered.com/en/
|
unknown
|
||
|
https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
|
unknown
|
||
|
https://steamcommunity.com/market/
|
unknown
|
||
|
https://store.steampowered.com/news/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/
|
unknown
|
||
|
http://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
|
unknown
|
||
|
https://recaptcha.net/recaptcha/;
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
|
unknown
|
||
|
https://steamcommunity.com/discussions/
|
unknown
|
||
|
https://store.steampowered.com/stats/
|
unknown
|
||
|
https://medal.tv
|
unknown
|
||
|
https://broadcast.st.dl.eccdnx.com
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
|
unknown
|
||
|
https://store.steampowered.com/steam_refunds/
|
unknown
|
||
|
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e
|
unknown
|
||
|
https://clearancek.site:443/api
|
unknown
|
||
|
https://steamcommunity.com/workshop/
|
unknown
|
||
|
https://login.steampowered.com/
|
unknown
|
||
|
https://store.steampowered.com/legal/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
|
unknown
|
||
|
https://recaptcha.net
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://store.steampowered.com/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
|
unknown
|
||
|
https://studennotediw.store:443/api
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
|
unknown
|
||
|
http://127.0.0.1:27060
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
|
unknown
|
||
|
https://spirittunek.store:443/api
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
|
unknown
|
||
|
https://help.steampowered.com/
|
unknown
|
||
|
https://api.steampowered.com/
|
unknown
|
||
|
http://store.steampowered.com/account/cookiepreferences/
|
unknown
|
||
|
https://store.steampowered.com/mobile
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
steamcommunity.com
|
104.102.49.254
|
|
|
|
sergei-esenin.com
|
172.67.206.204
|
|
|
|
eaglepawnoy.store
|
unknown
|
|
|
|
bathdoomgaz.store
|
unknown
|
|
|
|
spirittunek.store
|
unknown
|
|
|
|
licendfilteo.site
|
unknown
|
|
|
|
studennotediw.store
|
unknown
|
|
|
|
mobbipenju.store
|
unknown
|
|
|
|
clearancek.site
|
unknown
|
|
|
|
dissapoiznw.store
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.102.49.254
|
steamcommunity.com
|
United States
|
|
|
|
172.67.206.204
|
sergei-esenin.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{0ad81335-c33c-22ad-1738-3f52b79d9970}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
ProgramId
|
|
|
|
\REGISTRY\A\{0ad81335-c33c-22ad-1738-3f52b79d9970}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
FileId
|
|
|
|
\REGISTRY\A\{0ad81335-c33c-22ad-1738-3f52b79d9970}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
LowerCaseLongPath
|
|
|
|
\REGISTRY\A\{0ad81335-c33c-22ad-1738-3f52b79d9970}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
LongPathHash
|
|
|
|
\REGISTRY\A\{0ad81335-c33c-22ad-1738-3f52b79d9970}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Name
|
|
|
|
\REGISTRY\A\{0ad81335-c33c-22ad-1738-3f52b79d9970}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
OriginalFileName
|
|
|
|
\REGISTRY\A\{0ad81335-c33c-22ad-1738-3f52b79d9970}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Publisher
|
|
|
|
\REGISTRY\A\{0ad81335-c33c-22ad-1738-3f52b79d9970}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Version
|
|
|
|
\REGISTRY\A\{0ad81335-c33c-22ad-1738-3f52b79d9970}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
BinFileVersion
|
|
|
|
\REGISTRY\A\{0ad81335-c33c-22ad-1738-3f52b79d9970}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
BinaryType
|
|
|
|
\REGISTRY\A\{0ad81335-c33c-22ad-1738-3f52b79d9970}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
ProductName
|
|
|
|
\REGISTRY\A\{0ad81335-c33c-22ad-1738-3f52b79d9970}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
ProductVersion
|
|
|
|
\REGISTRY\A\{0ad81335-c33c-22ad-1738-3f52b79d9970}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
LinkDate
|
|
|
|
\REGISTRY\A\{0ad81335-c33c-22ad-1738-3f52b79d9970}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
BinProductVersion
|
|
|
|
\REGISTRY\A\{0ad81335-c33c-22ad-1738-3f52b79d9970}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
AppxPackageFullName
|
|
|
|
\REGISTRY\A\{0ad81335-c33c-22ad-1738-3f52b79d9970}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
AppxPackageRelativeId
|
|
|
|
\REGISTRY\A\{0ad81335-c33c-22ad-1738-3f52b79d9970}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Size
|
|
|
|
\REGISTRY\A\{0ad81335-c33c-22ad-1738-3f52b79d9970}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Language
|
|
|
|
\REGISTRY\A\{0ad81335-c33c-22ad-1738-3f52b79d9970}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Usn
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
001840100E09B9CC
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
There are 14 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
981000
|
unkown
|
page execute and read and write
|
|
|
|
52D0000
|
direct allocation
|
page read and write
|
||
|
392E000
|
stack
|
page read and write
|
||
|
5A8E000
|
stack
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
5AFE000
|
stack
|
page read and write
|
||
|
C8A000
|
unkown
|
page execute and write copy
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
1547000
|
heap
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
14E0000
|
heap
|
page read and write
|
||
|
C2B000
|
unkown
|
page execute and write copy
|
||
|
5440000
|
direct allocation
|
page execute and read and write
|
||
|
4E41000
|
heap
|
page read and write
|
||
|
152F000
|
heap
|
page read and write
|
||
|
3B6F000
|
stack
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
B67000
|
unkown
|
page execute and read and write
|
||
|
BDF000
|
unkown
|
page execute and read and write
|
||
|
496E000
|
stack
|
page read and write
|
||
|
33EF000
|
stack
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
4E30000
|
direct allocation
|
page read and write
|
||
|
BD9000
|
unkown
|
page execute and read and write
|
||
|
5430000
|
direct allocation
|
page execute and read and write
|
||
|
15D2000
|
heap
|
page read and write
|
||
|
BCF000
|
unkown
|
page execute and read and write
|
||
|
5450000
|
direct allocation
|
page execute and read and write
|
||
|
540F000
|
stack
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
4BAF000
|
stack
|
page read and write
|
||
|
598D000
|
stack
|
page read and write
|
||
|
352F000
|
stack
|
page read and write
|
||
|
4E41000
|
heap
|
page read and write
|
||
|
1526000
|
heap
|
page read and write
|
||
|
171F000
|
stack
|
page read and write
|
||
|
3A6E000
|
stack
|
page read and write
|
||
|
3167000
|
heap
|
page read and write
|
||
|
5470000
|
direct allocation
|
page execute and read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
4E30000
|
direct allocation
|
page read and write
|
||
|
BEB000
|
unkown
|
page execute and write copy
|
||
|
41EE000
|
stack
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page read and write
|
||
|
C83000
|
unkown
|
page execute and read and write
|
||
|
4E30000
|
direct allocation
|
page read and write
|
||
|
4E41000
|
heap
|
page read and write
|
||
|
406F000
|
stack
|
page read and write
|
||
|
3F2F000
|
stack
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
4E50000
|
heap
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
580F000
|
stack
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
5D7F000
|
stack
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
B88000
|
unkown
|
page execute and read and write
|
||
|
C8A000
|
unkown
|
page execute and write copy
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
574F000
|
trusted library allocation
|
page read and write
|
||
|
3CAF000
|
stack
|
page read and write
|
||
|
C02000
|
unkown
|
page execute and read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
1581000
|
heap
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
3CEE000
|
stack
|
page read and write
|
||
|
5460000
|
direct allocation
|
page execute and read and write
|
||
|
5775000
|
trusted library allocation
|
page read and write
|
||
|
4E30000
|
direct allocation
|
page read and write
|
||
|
C6A000
|
unkown
|
page execute and write copy
|
||
|
B99000
|
unkown
|
page execute and read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
B71000
|
unkown
|
page execute and write copy
|
||
|
56CD000
|
stack
|
page read and write
|
||
|
4E30000
|
direct allocation
|
page read and write
|
||
|
1569000
|
heap
|
page read and write
|
||
|
B4A000
|
unkown
|
page execute and read and write
|
||
|
9E0000
|
unkown
|
page execute and read and write
|
||
|
15BE000
|
heap
|
page read and write
|
||
|
456F000
|
stack
|
page read and write
|
||
|
3DEF000
|
stack
|
page read and write
|
||
|
594F000
|
stack
|
page read and write
|
||
|
4CEF000
|
stack
|
page read and write
|
||
|
46EE000
|
stack
|
page read and write
|
||
|
15C5000
|
heap
|
page read and write
|
||
|
4E30000
|
direct allocation
|
page read and write
|
||
|
5C30000
|
heap
|
page read and write
|
||
|
14EA000
|
heap
|
page read and write
|
||
|
4E30000
|
direct allocation
|
page read and write
|
||
|
432E000
|
stack
|
page read and write
|
||
|
5760000
|
trusted library allocation
|
page read and write
|
||
|
BF3000
|
unkown
|
page execute and write copy
|
||
|
B8B000
|
unkown
|
page execute and read and write
|
||
|
C09000
|
unkown
|
page execute and write copy
|
||
|
B8E000
|
unkown
|
page execute and read and write
|
||
|
B98000
|
unkown
|
page execute and write copy
|
||
|
366F000
|
stack
|
page read and write
|
||
|
4E41000
|
heap
|
page read and write
|
||
|
55CD000
|
stack
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
BF7000
|
unkown
|
page execute and write copy
|
||
|
5752000
|
trusted library allocation
|
page read and write
|
||
|
4E30000
|
direct allocation
|
page read and write
|
||
|
558D000
|
stack
|
page read and write
|
||
|
32EE000
|
stack
|
page read and write
|
||
|
52D0000
|
direct allocation
|
page read and write
|
||
|
980000
|
unkown
|
page readonly
|
||
|
155C000
|
heap
|
page read and write
|
||
|
4E41000
|
heap
|
page read and write
|
||
|
BB3000
|
unkown
|
page execute and read and write
|
||
|
980000
|
unkown
|
page read and write
|
||
|
52C0000
|
remote allocation
|
page read and write
|
||
|
3F6E000
|
stack
|
page read and write
|
||
|
442F000
|
stack
|
page read and write
|
||
|
5DA0000
|
trusted library allocation
|
page read and write
|
||
|
52D0000
|
direct allocation
|
page read and write
|
||
|
1583000
|
heap
|
page read and write
|
||
|
1521000
|
heap
|
page read and write
|
||
|
314F000
|
stack
|
page read and write
|
||
|
4E30000
|
direct allocation
|
page read and write
|
||
|
4BEE000
|
stack
|
page read and write
|
||
|
C82000
|
unkown
|
page execute and write copy
|
||
|
B71000
|
unkown
|
page execute and read and write
|
||
|
5450000
|
direct allocation
|
page execute and read and write
|
||
|
C13000
|
unkown
|
page execute and read and write
|
||
|
1565000
|
heap
|
page read and write
|
||
|
4E41000
|
heap
|
page read and write
|
||
|
316D000
|
heap
|
page read and write
|
||
|
4E41000
|
heap
|
page read and write
|
||
|
4E30000
|
direct allocation
|
page read and write
|
||
|
1523000
|
heap
|
page read and write
|
||
|
C2D000
|
unkown
|
page execute and write copy
|
||
|
5420000
|
direct allocation
|
page execute and read and write
|
||
|
37AF000
|
stack
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
46AF000
|
stack
|
page read and write
|
||
|
BDA000
|
unkown
|
page execute and write copy
|
||
|
C82000
|
unkown
|
page execute and write copy
|
||
|
C6B000
|
unkown
|
page execute and read and write
|
||
|
545E000
|
stack
|
page read and write
|
||
|
135B000
|
stack
|
page read and write
|
||
|
40AE000
|
stack
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
C71000
|
unkown
|
page execute and write copy
|
||
|
161E000
|
stack
|
page read and write
|
||
|
5450000
|
direct allocation
|
page execute and read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
9E0000
|
unkown
|
page execute and write copy
|
||
|
4E40000
|
heap
|
page read and write
|
||
|
342E000
|
stack
|
page read and write
|
||
|
B7C000
|
unkown
|
page execute and write copy
|
||
|
5BFF000
|
stack
|
page read and write
|
||
|
5768000
|
trusted library allocation
|
page read and write
|
||
|
5450000
|
direct allocation
|
page execute and read and write
|
||
|
C99000
|
unkown
|
page execute and write copy
|
||
|
1559000
|
heap
|
page read and write
|
||
|
C74000
|
unkown
|
page execute and write copy
|
||
|
C0A000
|
unkown
|
page execute and read and write
|
||
|
BD5000
|
unkown
|
page execute and write copy
|
||
|
32AE000
|
stack
|
page read and write
|
||
|
5C7E000
|
stack
|
page read and write
|
||
|
4AAE000
|
stack
|
page read and write
|
||
|
BD0000
|
unkown
|
page execute and write copy
|
||
|
B8C000
|
unkown
|
page execute and write copy
|
||
|
14EE000
|
heap
|
page read and write
|
||
|
15DD000
|
heap
|
page read and write
|
||
|
C98000
|
unkown
|
page execute and read and write
|
||
|
C2C000
|
unkown
|
page execute and read and write
|
||
|
1536000
|
heap
|
page read and write
|
||
|
3BAE000
|
stack
|
page read and write
|
||
|
4E30000
|
direct allocation
|
page read and write
|
||
|
BB2000
|
unkown
|
page execute and write copy
|
||
|
564F000
|
trusted library allocation
|
page read and write
|
||
|
31AB000
|
stack
|
page read and write
|
||
|
446D000
|
stack
|
page read and write
|
||
|
482E000
|
stack
|
page read and write
|
||
|
9EC000
|
unkown
|
page execute and write copy
|
||
|
41AF000
|
stack
|
page read and write
|
||
|
52C0000
|
remote allocation
|
page read and write
|
||
|
B87000
|
unkown
|
page execute and write copy
|
||
|
C01000
|
unkown
|
page execute and write copy
|
||
|
356E000
|
stack
|
page read and write
|
||
|
4D2E000
|
stack
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
5280000
|
heap
|
page read and write
|
||
|
47EF000
|
stack
|
page read and write
|
||
|
BB4000
|
unkown
|
page execute and write copy
|
||
|
38EF000
|
stack
|
page read and write
|
||
|
BB1000
|
unkown
|
page execute and read and write
|
||
|
C98000
|
unkown
|
page execute and write copy
|
||
|
C56000
|
unkown
|
page execute and read and write
|
||
|
BEC000
|
unkown
|
page execute and read and write
|
||
|
B4C000
|
unkown
|
page execute and write copy
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
4E30000
|
direct allocation
|
page read and write
|
||
|
4E41000
|
heap
|
page read and write
|
||
|
530B000
|
stack
|
page read and write
|
||
|
C2F000
|
unkown
|
page execute and read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
42EF000
|
stack
|
page read and write
|
||
|
C0B000
|
unkown
|
page execute and write copy
|
||
|
BD4000
|
unkown
|
page execute and read and write
|
||
|
4E30000
|
direct allocation
|
page read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
4E30000
|
direct allocation
|
page read and write
|
||
|
45AE000
|
stack
|
page read and write
|
||
|
5497000
|
trusted library allocation
|
page read and write
|
||
|
570E000
|
stack
|
page read and write
|
||
|
4E2F000
|
stack
|
page read and write
|
||
|
304E000
|
stack
|
page read and write
|
||
|
4A6F000
|
stack
|
page read and write
|
||
|
1583000
|
heap
|
page read and write
|
||
|
185F000
|
stack
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
36AE000
|
stack
|
page read and write
|
||
|
5450000
|
direct allocation
|
page execute and read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
15DC000
|
heap
|
page read and write
|
||
|
175E000
|
stack
|
page read and write
|
||
|
37EE000
|
stack
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
4E41000
|
heap
|
page read and write
|
||
|
3E2E000
|
stack
|
page read and write
|
||
|
C84000
|
unkown
|
page execute and write copy
|
||
|
BCC000
|
unkown
|
page execute and write copy
|
||
|
1519000
|
heap
|
page read and write
|
||
|
5480000
|
direct allocation
|
page execute and read and write
|
||
|
BF9000
|
unkown
|
page execute and read and write
|
||
|
BB6000
|
unkown
|
page execute and read and write
|
||
|
BA2000
|
unkown
|
page execute and write copy
|
||
|
B7D000
|
unkown
|
page execute and read and write
|
||
|
13C4000
|
heap
|
page read and write
|
||
|
52C0000
|
remote allocation
|
page read and write
|
||
|
5450000
|
direct allocation
|
page execute and read and write
|
||
|
3A2F000
|
stack
|
page read and write
|
||
|
B89000
|
unkown
|
page execute and write copy
|
||
|
492F000
|
stack
|
page read and write
|
||
|
125B000
|
stack
|
page read and write
|
||
|
BF6000
|
unkown
|
page execute and read and write
|
||
|
4E41000
|
heap
|
page read and write
|
||
|
981000
|
unkown
|
page execute and write copy
|
||
|
584E000
|
stack
|
page read and write
|
There are 236 hidden memdumps, click here to show them.