Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
aZm1EZ2IYr.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_aZm1EZ2IYr.exe_b472e834091e64353d02c5689452117e2161926_ac611e5f_7d43e3d9-5d04-4320-91f6-e292046f10e0\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_aZm1EZ2IYr.exe_b472e834091e64353d02c5689452117e2161926_ac611e5f_c325af49-0a9f-41f3-819f-eca31df3b74a\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER49D9.tmp.dmp
|
Mini DuMP crash report, 15 streams, Sun Oct 20 06:35:27 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4B41.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4B71.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4E0F.tmp.dmp
|
Mini DuMP crash report, 15 streams, Sun Oct 20 06:35:28 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER50C0.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER50F0.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199786602107[1].htm
|
HTML document, Unicode text, UTF-8 text, with very long lines (3146), with CRLF, LF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\delays.tmp
|
ISO-8859 text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\aZm1EZ2IYr.exe
|
"C:\Users\user\Desktop\aZm1EZ2IYr.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 2220
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 2384
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://cowod.hopto.org
|
unknown
|
|
|
|
http://cowod.hopto.org/p
|
unknown
|
|
|
|
http://cowod.hopto.org_DEBUG.zip/c
|
unknown
|
|
|
|
http://cowod.hopto.orgclass=
|
unknown
|
|
|
|
http://cowod.hopto.orgsive/header_logo.png
|
unknown
|
|
|
|
http://cowod.hopto.org/
|
unknown
|
|
|
|
https://steamcommunity.com/profiles/76561199786602107
|
104.102.49.254
|
|
|
|
https://player.vimeo.com
|
unknown
|
||
|
https://steamcommunity.com/login/home/?goto=profiles%2F76561199786602107
|
unknown
|
||
|
https://steamcommunity.com/?subsection=broadcasts
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV
|
unknown
|
||
|
https://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://www.gstatic.cn/recaptcha/
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=UuGFpt56D9L4&l=
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=engli
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=GfA42_x2_aub&
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=jq1jQyX1843y&
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
|
unknown
|
||
|
http://www.valvesoftware.com/legal.htm
|
unknown
|
||
|
https://www.youtube.com
|
unknown
|
||
|
https://t.me/lpnjoke4/i
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
http://cowod.hopto.
|
unknown
|
||
|
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
|
unknown
|
||
|
https://t.me/lpnjokeg0b4cMozilla/5.0
|
unknown
|
||
|
http://cowod.hopto
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/css/app
|
unknown
|
||
|
https://65.109.142.154
|
unknown
|
||
|
https://s.ytimg.com;
|
unknown
|
||
|
https://steam.tv/
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=4Xou
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&
|
unknown
|
||
|
https://t.me/lpnjoke
|
149.154.167.99
|
||
|
https://store.steampowered.com/points/shop/
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=bZKSp7oNwVPK
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=D_iTAfDsLH
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1&
|
unknown
|
||
|
https://sketchfab.com
|
unknown
|
||
|
https://lv.queniujq.cn
|
unknown
|
||
|
https://www.youtube.com/
|
unknown
|
||
|
https://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v
|
unknown
|
||
|
https://community.cloudflare.stea
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199786602107/inventory/
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
|
unknown
|
||
|
https://www.google.com/recaptcha/
|
unknown
|
||
|
https://checkout.steampowered.com/
|
unknown
|
||
|
http://cowod.hoptotml
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
|
unknown
|
||
|
https://store.steampowered.com/;
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=KkhJqW2NGKiM&l=engli
|
unknown
|
||
|
https://store.steampowered.com/about/
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/
|
unknown
|
||
|
https://steamcommunity.com/my/wishlist/
|
unknown
|
||
|
https://t.me/
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
|
unknown
|
||
|
https://help.steampowered.com/en/
|
unknown
|
||
|
https://steamcommunity.com/market/
|
unknown
|
||
|
https://store.steampowered.com/news/
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199786602107g0b4cMozilla/5.0
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
|
unknown
|
||
|
https://recaptcha.net/recaptcha/;
|
unknown
|
||
|
https://steamcommunity.com/discussions/
|
unknown
|
||
|
http://cowod.hopto.re
|
unknown
|
||
|
https://store.steampowered.com/stats/
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis
|
unknown
|
||
|
https://medal.tv
|
unknown
|
||
|
https://broadcast.st.dl.eccdnx.com
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&
|
unknown
|
||
|
https://store.steampowered.com/steam_refunds/
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=nBdvNPPzc0qI&
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1
|
unknown
|
||
|
https://steamcommunity.com/workshop/
|
unknown
|
||
|
https://login.steampowered.com/
|
unknown
|
||
|
https://65.109.142.154/C
|
unknown
|
||
|
https://community.c
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&l=en
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli
|
unknown
|
||
|
https://recaptcha.net
|
unknown
|
||
|
https://65.109.142.154/
|
65.109.142.154
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199786602107vR.
|
unknown
|
||
|
https://store.steampowered.com/
|
unknown
|
||
|
http://127.0.0.1:27060
|
unknown
|
||
|
http://cowod.oudflare
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199786602107/badges
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
|
unknown
|
||
|
https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
steamcommunity.com
|
104.102.49.254
|
|
|
|
t.me
|
149.154.167.99
|
||
|
cowod.hopto.org
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.102.49.254
|
steamcommunity.com
|
United States
|
|
|
|
65.109.142.154
|
unknown
|
United States
|
||
|
149.154.167.99
|
t.me
|
United Kingdom
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{40DD6E20-7C17-11CE-A804-00AA003CA9F6} {000214EF-0000-0000-C000-000000000046} 0xFFFF
|
||
|
\REGISTRY\A\{3306b252-915d-804f-85e5-b65c68bac9a8}\Root\InventoryApplicationFile\azm1ez2iyr.exe|1ba5640a2c3063ee
|
ProgramId
|
||
|
\REGISTRY\A\{3306b252-915d-804f-85e5-b65c68bac9a8}\Root\InventoryApplicationFile\azm1ez2iyr.exe|1ba5640a2c3063ee
|
FileId
|
||
|
\REGISTRY\A\{3306b252-915d-804f-85e5-b65c68bac9a8}\Root\InventoryApplicationFile\azm1ez2iyr.exe|1ba5640a2c3063ee
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{3306b252-915d-804f-85e5-b65c68bac9a8}\Root\InventoryApplicationFile\azm1ez2iyr.exe|1ba5640a2c3063ee
|
LongPathHash
|
||
|
\REGISTRY\A\{3306b252-915d-804f-85e5-b65c68bac9a8}\Root\InventoryApplicationFile\azm1ez2iyr.exe|1ba5640a2c3063ee
|
Name
|
||
|
\REGISTRY\A\{3306b252-915d-804f-85e5-b65c68bac9a8}\Root\InventoryApplicationFile\azm1ez2iyr.exe|1ba5640a2c3063ee
|
OriginalFileName
|
||
|
\REGISTRY\A\{3306b252-915d-804f-85e5-b65c68bac9a8}\Root\InventoryApplicationFile\azm1ez2iyr.exe|1ba5640a2c3063ee
|
Publisher
|
||
|
\REGISTRY\A\{3306b252-915d-804f-85e5-b65c68bac9a8}\Root\InventoryApplicationFile\azm1ez2iyr.exe|1ba5640a2c3063ee
|
Version
|
||
|
\REGISTRY\A\{3306b252-915d-804f-85e5-b65c68bac9a8}\Root\InventoryApplicationFile\azm1ez2iyr.exe|1ba5640a2c3063ee
|
BinFileVersion
|
||
|
\REGISTRY\A\{3306b252-915d-804f-85e5-b65c68bac9a8}\Root\InventoryApplicationFile\azm1ez2iyr.exe|1ba5640a2c3063ee
|
BinaryType
|
||
|
\REGISTRY\A\{3306b252-915d-804f-85e5-b65c68bac9a8}\Root\InventoryApplicationFile\azm1ez2iyr.exe|1ba5640a2c3063ee
|
ProductName
|
||
|
\REGISTRY\A\{3306b252-915d-804f-85e5-b65c68bac9a8}\Root\InventoryApplicationFile\azm1ez2iyr.exe|1ba5640a2c3063ee
|
ProductVersion
|
||
|
\REGISTRY\A\{3306b252-915d-804f-85e5-b65c68bac9a8}\Root\InventoryApplicationFile\azm1ez2iyr.exe|1ba5640a2c3063ee
|
LinkDate
|
||
|
\REGISTRY\A\{3306b252-915d-804f-85e5-b65c68bac9a8}\Root\InventoryApplicationFile\azm1ez2iyr.exe|1ba5640a2c3063ee
|
BinProductVersion
|
||
|
\REGISTRY\A\{3306b252-915d-804f-85e5-b65c68bac9a8}\Root\InventoryApplicationFile\azm1ez2iyr.exe|1ba5640a2c3063ee
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{3306b252-915d-804f-85e5-b65c68bac9a8}\Root\InventoryApplicationFile\azm1ez2iyr.exe|1ba5640a2c3063ee
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{3306b252-915d-804f-85e5-b65c68bac9a8}\Root\InventoryApplicationFile\azm1ez2iyr.exe|1ba5640a2c3063ee
|
Size
|
||
|
\REGISTRY\A\{3306b252-915d-804f-85e5-b65c68bac9a8}\Root\InventoryApplicationFile\azm1ez2iyr.exe|1ba5640a2c3063ee
|
Language
|
||
|
\REGISTRY\A\{3306b252-915d-804f-85e5-b65c68bac9a8}\Root\InventoryApplicationFile\azm1ez2iyr.exe|1ba5640a2c3063ee
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 12 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1B0000
|
unkown
|
page readonly
|
|
|
|
1B0000
|
unkown
|
page readonly
|
|
|
|
201000
|
unkown
|
page read and write
|
|
|
|
39A0000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
2588E000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
3AE5000
|
heap
|
page read and write
|
||
|
389C000
|
heap
|
page read and write
|
||
|
2584E000
|
heap
|
page read and write
|
||
|
38A4000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
C708000
|
heap
|
page read and write
|
||
|
3B36000
|
heap
|
page read and write
|
||
|
C710000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
25885000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
2BA6B000
|
stack
|
page read and write
|
||
|
3B36000
|
heap
|
page read and write
|
||
|
3A1E000
|
stack
|
page read and write
|
||
|
125C000
|
stack
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
3B2F000
|
heap
|
page read and write
|
||
|
2587A000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
3A5E000
|
stack
|
page read and write
|
||
|
3A60000
|
heap
|
page read and write
|
||
|
38A4000
|
heap
|
page read and write
|
||
|
38A4000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
2587D000
|
heap
|
page read and write
|
||
|
3A6A000
|
heap
|
page read and write
|
||
|
25881000
|
heap
|
page read and write
|
||
|
180000
|
unkown
|
page readonly
|
||
|
181000
|
unkown
|
page execute and write copy
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
3B36000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
180000
|
unkown
|
page readonly
|
||
|
38A4000
|
heap
|
page read and write
|
||
|
84DE000
|
stack
|
page read and write
|
||
|
1DD000
|
unkown
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
2327F000
|
stack
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
20D00000
|
remote allocation
|
page read and write
|
||
|
1766F000
|
stack
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
C7F0000
|
unclassified section
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
3B22000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
1BD000
|
unkown
|
page write copy
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
181000
|
unkown
|
page execute and write copy
|
||
|
2586F000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
3B2F000
|
heap
|
page read and write
|
||
|
38A4000
|
heap
|
page read and write
|
||
|
383E000
|
stack
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
1F2000
|
unkown
|
page read and write
|
||
|
3AE8000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
332000
|
unkown
|
page read and write
|
||
|
19BEF000
|
stack
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
2C9000
|
unkown
|
page read and write
|
||
|
32B000
|
unkown
|
page read and write
|
||
|
345000
|
unkown
|
page read and write
|
||
|
1C18F000
|
stack
|
page read and write
|
||
|
1E71C000
|
stack
|
page read and write
|
||
|
3053C000
|
stack
|
page read and write
|
||
|
2DFAC000
|
stack
|
page read and write
|
||
|
39F000
|
unkown
|
page read and write
|
||
|
3A6E000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
31A000
|
unkown
|
page read and write
|
||
|
19C4E000
|
stack
|
page read and write
|
||
|
3B3D000
|
heap
|
page read and write
|
||
|
38A4000
|
heap
|
page read and write
|
||
|
3B3D000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
20C9C000
|
stack
|
page read and write
|
||
|
38A4000
|
heap
|
page read and write
|
||
|
C6F0000
|
heap
|
page read and write
|
||
|
1C1DD000
|
stack
|
page read and write
|
||
|
38A4000
|
heap
|
page read and write
|
||
|
20D00000
|
remote allocation
|
page read and write
|
||
|
38A4000
|
heap
|
page read and write
|
||
|
2583C000
|
heap
|
page read and write
|
||
|
3AE9000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
38A4000
|
heap
|
page read and write
|
||
|
1E75C000
|
stack
|
page read and write
|
||
|
25940000
|
heap
|
page read and write
|
||
|
2582C000
|
heap
|
page read and write
|
||
|
20D3E000
|
stack
|
page read and write
|
||
|
176AE000
|
stack
|
page read and write
|
||
|
3AD2000
|
heap
|
page read and write
|
||
|
3AC5000
|
heap
|
page read and write
|
||
|
3AE5000
|
heap
|
page read and write
|
||
|
AA1F000
|
stack
|
page read and write
|
||
|
1E3000
|
unkown
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
38A4000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
379C000
|
stack
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
3F0000
|
unkown
|
page readonly
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
38A4000
|
heap
|
page read and write
|
||
|
3DD000
|
unkown
|
page read and write
|
||
|
3F0000
|
unkown
|
page readonly
|
||
|
37E0000
|
heap
|
page read and write
|
||
|
3896000
|
heap
|
page read and write
|
||
|
37F0000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
1512F000
|
stack
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
25874000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
387E000
|
stack
|
page read and write
|
||
|
38A4000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
2581C000
|
stack
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
3990000
|
trusted library allocation
|
page read and write
|
||
|
3AD2000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
3B6E000
|
heap
|
page read and write
|
||
|
3AE9000
|
heap
|
page read and write
|
||
|
1E7000
|
unkown
|
page read and write
|
||
|
3AE5000
|
heap
|
page read and write
|
||
|
25920000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
37E000
|
unkown
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
3ADF000
|
heap
|
page read and write
|
||
|
3792000
|
stack
|
page read and write
|
||
|
3B3E000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
305000
|
unkown
|
page read and write
|
||
|
232DB000
|
stack
|
page read and write
|
||
|
20D00000
|
remote allocation
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
3890000
|
heap
|
page read and write
|
||
|
3AE9000
|
heap
|
page read and write
|
||
|
2CF000
|
unkown
|
page read and write
|
||
|
38A4000
|
heap
|
page read and write
|
||
|
3ADE000
|
heap
|
page read and write
|
||
|
351000
|
unkown
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
30C000
|
unkown
|
page read and write
|
||
|
313000
|
unkown
|
page read and write
|
||
|
25970000
|
trusted library allocation
|
page read and write
|
||
|
3B3D000
|
heap
|
page read and write
|
||
|
25876000
|
heap
|
page read and write
|
||
|
25822000
|
heap
|
page read and write
|
||
|
38A0000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
2DFFC000
|
stack
|
page read and write
|
||
|
1BD000
|
unkown
|
page write copy
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
3B63000
|
heap
|
page read and write
|
||
|
3AB6000
|
heap
|
page read and write
|
||
|
2B8E0000
|
trusted library allocation
|
page read and write
|
||
|
38A4000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
||
|
C6F1000
|
heap
|
page read and write
|
There are 178 hidden memdumps, click here to show them.