Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
pcre2-16.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_pcr_1731c9291b48156d38e2b4f8fc44dc6afe3fb_76fbbc46_037511ff-28df-4739-9281-9d59950f9335\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_pcr_1731c9291b48156d38e2b4f8fc44dc6afe3fb_76fbbc46_9d0da3c6-3573-4aad-832a-d223597dd415\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_pcr_7e5183b4bd0fdc294ad553aa5ff79f7eff7cd_76fbbc46_ee145759-fa36-48dc-86ba-2b6d51b93db1\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_pcr_a85d3f61e282c6ab111541d23626a541f6483d_76fbbc46_27c8a652-5e23-4709-baa0-ace937338ba4\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1AD.tmp.dmp
|
Mini DuMP crash report, 14 streams, Mon May 27 18:14:37 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1ED.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER20D.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREB37.tmp.dmp
|
Mini DuMP crash report, 14 streams, Mon May 27 18:14:31 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREB47.tmp.dmp
|
Mini DuMP crash report, 14 streams, Mon May 27 18:14:31 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREBF4.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREC23.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREC33.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREC81.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF5D6.tmp.dmp
|
Mini DuMP crash report, 14 streams, Mon May 27 18:14:34 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF616.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF636.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\pcre2-16.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\pcre2-16.dll",#1
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\pcre2-16.dll,pcre2_callout_enumerate_16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\pcre2-16.dll",#1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7336 -s 332
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7320 -s 332
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\pcre2-16.dll,pcre2_code_copy_16
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7596 -s 324
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\pcre2-16.dll,pcre2_code_copy_with_tables_16
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7756 -s 324
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\pcre2-16.dll",pcre2_callout_enumerate_16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\pcre2-16.dll",pcre2_code_copy_16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\pcre2-16.dll",pcre2_code_copy_with_tables_16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\pcre2-16.dll",pcre2_substring_number_from_name_16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\pcre2-16.dll",pcre2_substring_nametable_scan_16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\pcre2-16.dll",pcre2_substring_list_get_16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\pcre2-16.dll",pcre2_substring_list_free_16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\pcre2-16.dll",pcre2_substring_length_bynumber_16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\pcre2-16.dll",pcre2_substring_length_byname_16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\pcre2-16.dll",pcre2_substring_get_bynumber_16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\pcre2-16.dll",pcre2_substring_get_byname_16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\pcre2-16.dll",pcre2_substring_free_16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\pcre2-16.dll",pcre2_substring_copy_bynumber_16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\pcre2-16.dll",pcre2_substring_copy_byname_16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\pcre2-16.dll",pcre2_substitute_16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\pcre2-16.dll",pcre2_set_substitute_callout_16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\pcre2-16.dll",pcre2_set_recursion_memory_management_16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\pcre2-16.dll",pcre2_set_recursion_limit_16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\pcre2-16.dll",pcre2_set_parens_nest_limit_16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\pcre2-16.dll",pcre2_set_offset_limit_16
|
There are 21 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{708ab013-54ef-2dd4-d336-56c6996200e2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{708ab013-54ef-2dd4-d336-56c6996200e2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{708ab013-54ef-2dd4-d336-56c6996200e2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{708ab013-54ef-2dd4-d336-56c6996200e2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{708ab013-54ef-2dd4-d336-56c6996200e2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{708ab013-54ef-2dd4-d336-56c6996200e2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
OriginalFileName
|
||
|
\REGISTRY\A\{708ab013-54ef-2dd4-d336-56c6996200e2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{708ab013-54ef-2dd4-d336-56c6996200e2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{708ab013-54ef-2dd4-d336-56c6996200e2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{708ab013-54ef-2dd4-d336-56c6996200e2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{708ab013-54ef-2dd4-d336-56c6996200e2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{708ab013-54ef-2dd4-d336-56c6996200e2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{708ab013-54ef-2dd4-d336-56c6996200e2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{708ab013-54ef-2dd4-d336-56c6996200e2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{708ab013-54ef-2dd4-d336-56c6996200e2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{708ab013-54ef-2dd4-d336-56c6996200e2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{708ab013-54ef-2dd4-d336-56c6996200e2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{708ab013-54ef-2dd4-d336-56c6996200e2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{708ab013-54ef-2dd4-d336-56c6996200e2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
\REGISTRY\A\{708ab013-54ef-2dd4-d336-56c6996200e2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Usn
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
FAA1D7F000
|
stack
|
page read and write
|
||
|
19B18170000
|
heap
|
page read and write
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
1B511650000
|
heap
|
page read and write
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
29248EE0000
|
heap
|
page read and write
|
||
|
1E4D3CF000
|
stack
|
page read and write
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
19B182F8000
|
heap
|
page read and write
|
||
|
21501380000
|
heap
|
page read and write
|
||
|
266FC930000
|
heap
|
page read and write
|
||
|
173DED60000
|
remote allocation
|
page read and write
|
||
|
23812BF0000
|
heap
|
page read and write
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
1AFC8B20000
|
heap
|
page read and write
|
||
|
D76390F000
|
stack
|
page read and write
|
||
|
1AC998B8000
|
heap
|
page read and write
|
||
|
A389B7E000
|
stack
|
page read and write
|
||
|
652C8FF000
|
stack
|
page read and write
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
16B52995000
|
heap
|
page read and write
|
||
|
1144B8B0000
|
remote allocation
|
page read and write
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
173DD210000
|
heap
|
page read and write
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
1AFC7060000
|
heap
|
page read and write
|
||
|
16102725000
|
heap
|
page read and write
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
F98EA7F000
|
stack
|
page read and write
|
||
|
1AC99830000
|
heap
|
page read and write
|
||
|
1A71D620000
|
heap
|
page read and write
|
||
|
1B511640000
|
heap
|
page read and write
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
23812DA0000
|
remote allocation
|
page read and write
|
||
|
33DC17F000
|
stack
|
page read and write
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
47C56FF000
|
stack
|
page read and write
|
||
|
1B5116B0000
|
heap
|
page read and write
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
16B52990000
|
heap
|
page read and write
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
266FC6C0000
|
heap
|
page read and write
|
||
|
2C3B5B40000
|
heap
|
page read and write
|
||
|
266FC6F0000
|
heap
|
page read and write
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
F842D1C000
|
stack
|
page read and write
|
||
|
F98E7BC000
|
stack
|
page read and write
|
||
|
29AF6870000
|
remote allocation
|
page read and write
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
FAA1CFE000
|
stack
|
page read and write
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
25F0A250000
|
heap
|
page read and write
|
||
|
652C5AC000
|
stack
|
page read and write
|
||
|
1DA21010000
|
remote allocation
|
page read and write
|
||
|
D1F79EF000
|
stack
|
page read and write
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
1144B640000
|
heap
|
page read and write
|
||
|
23812AF0000
|
heap
|
page read and write
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
78DF7FF000
|
stack
|
page read and write
|
||
|
16B54310000
|
heap
|
page read and write
|
||
|
2924AA00000
|
heap
|
page read and write
|
||
|
1FBB05C0000
|
heap
|
page read and write
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
190ABD70000
|
heap
|
page read and write
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
25F086C0000
|
heap
|
page read and write
|
||
|
1A085E60000
|
heap
|
page read and write
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
266FC6F8000
|
heap
|
page read and write
|
||
|
16B52760000
|
heap
|
page read and write
|
||
|
1A71D628000
|
heap
|
page read and write
|
||
|
7AFC4BC000
|
stack
|
page read and write
|
||
|
F842D9E000
|
stack
|
page read and write
|
||
|
1DA20D70000
|
heap
|
page read and write
|
||
|
F98EAFF000
|
stack
|
page read and write
|
||
|
1A087BB0000
|
heap
|
page read and write
|
||
|
19B18290000
|
heap
|
page read and write
|
||
|
29AF65C0000
|
heap
|
page read and write
|
||
|
1DA21115000
|
heap
|
page read and write
|
||
|
230168E0000
|
heap
|
page read and write
|
||
|
25F08728000
|
heap
|
page read and write
|
||
|
1A71D730000
|
heap
|
page read and write
|
||
|
960ADDF000
|
stack
|
page read and write
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
23812C50000
|
heap
|
page read and write
|
||
|
190ABCC0000
|
heap
|
page read and write
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
173DD2B0000
|
heap
|
page read and write
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
1A71D62F000
|
heap
|
page read and write
|
||
|
2C3B3F50000
|
heap
|
page read and write
|
||
|
33DC0FF000
|
stack
|
page read and write
|
||
|
29AF6975000
|
heap
|
page read and write
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
16102700000
|
heap
|
page read and write
|
||
|
21501460000
|
heap
|
page read and write
|
||
|
F53447F000
|
stack
|
page read and write
|
||
|
25F086F0000
|
heap
|
page read and write
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
1A71D830000
|
heap
|
page read and write
|
||
|
270E9A80000
|
heap
|
page read and write
|
||
|
FDD07F000
|
stack
|
page read and write
|
||
|
47C567C000
|
stack
|
page read and write
|
||
|
1CD4BFD8000
|
heap
|
page read and write
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
1E4D67F000
|
stack
|
page read and write
|
||
|
29AF68C0000
|
heap
|
page read and write
|
||
|
190ABCE0000
|
heap
|
page read and write
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
270E9B40000
|
heap
|
page read and write
|
||
|
6CB4B7F000
|
stack
|
page read and write
|
||
|
A389AFF000
|
stack
|
page read and write
|
||
|
1FBB0825000
|
heap
|
page read and write
|
||
|
1CD4C385000
|
heap
|
page read and write
|
||
|
1D95A040000
|
heap
|
page read and write
|
||
|
215011B8000
|
heap
|
page read and write
|
||
|
2C3B4210000
|
remote allocation
|
page read and write
|
||
|
1DA20D78000
|
heap
|
page read and write
|
||
|
270E9B48000
|
heap
|
page read and write
|
||
|
1A086200000
|
remote allocation
|
page read and write
|
||
|
1CD4BF50000
|
heap
|
page read and write
|
||
|
29248E40000
|
heap
|
page read and write
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
FDD0FF000
|
stack
|
page read and write
|
||
|
1AC998B0000
|
heap
|
page read and write
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
955F67F000
|
stack
|
page read and write
|
||
|
2C3B4028000
|
heap
|
page read and write
|
||
|
173DD245000
|
heap
|
page read and write
|
||
|
230169A8000
|
heap
|
page read and write
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
1A71F190000
|
heap
|
page read and write
|
||
|
1AFC7068000
|
heap
|
page read and write
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
1A086220000
|
heap
|
page read and write
|
||
|
2C3B4235000
|
heap
|
page read and write
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
19B19BC0000
|
heap
|
page read and write
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
29248E30000
|
heap
|
page read and write
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
190ABBC0000
|
heap
|
page read and write
|
||
|
4C80F2F000
|
stack
|
page read and write
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
F84307E000
|
stack
|
page read and write
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
1AC99810000
|
heap
|
page read and write
|
||
|
270E9E05000
|
heap
|
page read and write
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
190ABAD0000
|
heap
|
page read and write
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
240C1180000
|
heap
|
page read and write
|
||
|
161027C0000
|
remote allocation
|
page read and write
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
29AF6970000
|
heap
|
page read and write
|
||
|
B180FC000
|
stack
|
page read and write
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
25F086D0000
|
heap
|
page read and write
|
||
|
1FBB04C0000
|
heap
|
page read and write
|
||
|
2924A980000
|
remote allocation
|
page read and write
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
161027D0000
|
heap
|
page read and write
|
||
|
173DEC60000
|
heap
|
page read and write
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
173DD200000
|
heap
|
page read and write
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
21501465000
|
heap
|
page read and write
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
1AFC7215000
|
heap
|
page read and write
|
||
|
78DF77E000
|
stack
|
page read and write
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
173DD250000
|
heap
|
page read and write
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
608DAEC000
|
stack
|
page read and write
|
||
|
190AD530000
|
remote allocation
|
page read and write
|
||
|
4C80FAF000
|
stack
|
page read and write
|
||
|
1AFC6FE0000
|
heap
|
page read and write
|
||
|
4B9147F000
|
stack
|
page read and write
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
1FBB0820000
|
heap
|
page read and write
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
240C0F48000
|
heap
|
page read and write
|
||
|
16E80FF000
|
stack
|
page read and write
|
||
|
955F39C000
|
stack
|
page read and write
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
29AF66A0000
|
heap
|
page read and write
|
||
|
1A71D810000
|
heap
|
page read and write
|
||
|
190ABD75000
|
heap
|
page read and write
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
266FE2D0000
|
heap
|
page read and write
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
2C3B3E70000
|
heap
|
page read and write
|
||
|
1AFC7190000
|
remote allocation
|
page read and write
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
1AFC6EE0000
|
heap
|
page read and write
|
||
|
1A085F60000
|
heap
|
page read and write
|
||
|
19B18250000
|
heap
|
page read and write
|
||
|
1AC99BA0000
|
heap
|
page read and write
|
||
|
2C3B3F70000
|
heap
|
page read and write
|
||
|
161027D8000
|
heap
|
page read and write
|
||
|
FAA1C7C000
|
stack
|
page read and write
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
16B52880000
|
heap
|
page read and write
|
||
|
1A086060000
|
heap
|
page read and write
|
||
|
16102720000
|
heap
|
page read and write
|
||
|
1FBB2110000
|
heap
|
page read and write
|
||
|
16B52780000
|
heap
|
page read and write
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
C66087E000
|
stack
|
page read and write
|
||
|
1DA20D60000
|
heap
|
page read and write
|
||
|
21502D00000
|
heap
|
page read and write
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
7AFC5BF000
|
stack
|
page read and write
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
1D95A060000
|
heap
|
page read and write
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
1D95A030000
|
heap
|
page read and write
|
||
|
29AF67D0000
|
heap
|
page read and write
|
||
|
23016C40000
|
remote allocation
|
page read and write
|
||
|
190ABBC8000
|
heap
|
page read and write
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
D76388C000
|
stack
|
page read and write
|
||
|
D76398E000
|
stack
|
page read and write
|
||
|
240C0F40000
|
heap
|
page read and write
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
266FC935000
|
heap
|
page read and write
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
D1F796F000
|
stack
|
page read and write
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
1144B600000
|
heap
|
page read and write
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
1144B8D0000
|
heap
|
page read and write
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
23812BD0000
|
heap
|
page read and write
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
960ACDC000
|
stack
|
page read and write
|
||
|
16E817F000
|
stack
|
page read and write
|
||
|
270E9AA0000
|
heap
|
page read and write
|
||
|
23812C58000
|
heap
|
page read and write
|
||
|
1AFC6FC0000
|
heap
|
page read and write
|
||
|
23018390000
|
heap
|
page read and write
|
||
|
1A086225000
|
heap
|
page read and write
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
1AC99AE0000
|
heap
|
page read and write
|
||
|
33DC07C000
|
stack
|
page read and write
|
||
|
78DF6FC000
|
stack
|
page read and write
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
23812E05000
|
heap
|
page read and write
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
1CD4DB10000
|
heap
|
page read and write
|
||
|
270E9B20000
|
heap
|
page read and write
|
||
|
1AFC7210000
|
heap
|
page read and write
|
||
|
29248ED0000
|
heap
|
page read and write
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
474531C000
|
stack
|
page read and write
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
215013A0000
|
heap
|
page read and write
|
||
|
1FBB0770000
|
remote allocation
|
page read and write
|
||
|
2C3B4020000
|
heap
|
page read and write
|
||
|
4B911EF000
|
stack
|
page read and write
|
||
|
1FBB0640000
|
heap
|
page read and write
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
23812E00000
|
heap
|
page read and write
|
||
|
1FBB05A0000
|
heap
|
page read and write
|
||
|
960AD5F000
|
stack
|
page read and write
|
||
|
240C0E50000
|
heap
|
page read and write
|
||
|
161026E0000
|
heap
|
page read and write
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
1A71D860000
|
heap
|
page read and write
|
||
|
1DA20F40000
|
heap
|
page read and write
|
||
|
173DD240000
|
heap
|
page read and write
|
||
|
1144B648000
|
heap
|
page read and write
|
||
|
47C577F000
|
stack
|
page read and write
|
||
|
23016C65000
|
heap
|
page read and write
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
29248E60000
|
heap
|
page read and write
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
F5341BC000
|
stack
|
page read and write
|
||
|
25F08720000
|
heap
|
page read and write
|
||
|
1A71D865000
|
heap
|
page read and write
|
||
|
1B5116BD000
|
heap
|
page read and write
|
||
|
1144B610000
|
heap
|
page read and write
|
||
|
1CD4DA90000
|
remote allocation
|
page read and write
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
1CD4BF70000
|
heap
|
page read and write
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
266FE200000
|
remote allocation
|
page read and write
|
||
|
4B9116C000
|
stack
|
page read and write
|
||
|
1DA20F60000
|
heap
|
page read and write
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
25F08970000
|
remote allocation
|
page read and write
|
||
|
266FC8C0000
|
heap
|
page read and write
|
||
|
19B18295000
|
heap
|
page read and write
|
||
|
1144D1C0000
|
heap
|
page read and write
|
||
|
1CD4BF40000
|
heap
|
page read and write
|
||
|
1D95A420000
|
heap
|
page read and write
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
1FBB0648000
|
heap
|
page read and write
|
||
|
1D95A0AF000
|
heap
|
page read and write
|
||
|
270E9E00000
|
heap
|
page read and write
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
2C3B4230000
|
heap
|
page read and write
|
||
|
1D95BBC0000
|
heap
|
page read and write
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
25F089C5000
|
heap
|
page read and write
|
||
|
215011B0000
|
heap
|
page read and write
|
||
|
240C1060000
|
heap
|
page read and write
|
||
|
1AC99800000
|
heap
|
page read and write
|
||
|
25F089C0000
|
heap
|
page read and write
|
||
|
240C2AB0000
|
heap
|
page read and write
|
||
|
29AF66D8000
|
heap
|
page read and write
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
C66053C000
|
stack
|
page read and write
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
474539F000
|
stack
|
page read and write
|
||
|
1DA21090000
|
heap
|
page read and write
|
||
|
1D95A425000
|
heap
|
page read and write
|
||
|
19B19CD0000
|
remote allocation
|
page read and write
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
955F6FF000
|
stack
|
page read and write
|
||
|
29248EE8000
|
heap
|
page read and write
|
||
|
6CB4A7C000
|
stack
|
page read and write
|
||
|
1144B8D5000
|
heap
|
page read and write
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
7AFC53F000
|
stack
|
page read and write
|
||
|
21501190000
|
heap
|
page read and write
|
||
|
266FC6B0000
|
heap
|
page read and write
|
||
|
161040E0000
|
heap
|
page read and write
|
||
|
1AC99BA5000
|
heap
|
page read and write
|
||
|
C6605BE000
|
stack
|
page read and write
|
||
|
1D95A0A7000
|
heap
|
page read and write
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
29248ED5000
|
heap
|
page read and write
|
||
|
AC479EF000
|
stack
|
page read and write
|
||
|
240C0F4E000
|
heap
|
page read and write
|
||
|
4C80EAC000
|
stack
|
page read and write
|
||
|
D1F78EC000
|
stack
|
page read and write
|
||
|
19B18270000
|
heap
|
page read and write
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
16B52680000
|
heap
|
page read and write
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
238146C0000
|
heap
|
page read and write
|
||
|
190AD590000
|
heap
|
page read and write
|
||
|
1CD4C380000
|
heap
|
page read and write
|
||
|
1AC99AB0000
|
remote allocation
|
page read and write
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
270E9A70000
|
heap
|
page read and write
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
1CD4BFD0000
|
heap
|
page read and write
|
||
|
1DA21110000
|
heap
|
page read and write
|
||
|
23016900000
|
heap
|
page read and write
|
||
|
AC47C7F000
|
stack
|
page read and write
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
16102600000
|
heap
|
page read and write
|
||
|
19B182F0000
|
heap
|
page read and write
|
||
|
1A085F40000
|
heap
|
page read and write
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
7FFE004F1000
|
unkown
|
page execute read
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
16B52930000
|
remote allocation
|
page read and write
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
23016C60000
|
heap
|
page read and write
|
||
|
1E4D34C000
|
stack
|
page read and write
|
||
|
1144B810000
|
heap
|
page read and write
|
||
|
FDCD9C000
|
stack
|
page read and write
|
||
|
173DD2B8000
|
heap
|
page read and write
|
||
|
23016800000
|
heap
|
page read and write
|
||
|
608DBEF000
|
stack
|
page read and write
|
||
|
7FFE0056A000
|
unkown
|
page readonly
|
||
|
16B52788000
|
heap
|
page read and write
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
1D95A0A0000
|
heap
|
page read and write
|
||
|
240C1185000
|
heap
|
page read and write
|
||
|
652C87F000
|
stack
|
page read and write
|
||
|
A389A7C000
|
stack
|
page read and write
|
||
|
474567F000
|
stack
|
page read and write
|
||
|
29AF66D0000
|
heap
|
page read and write
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
7FFE00552000
|
unkown
|
page readonly
|
||
|
230169A0000
|
heap
|
page read and write
|
||
|
F5344FF000
|
stack
|
page read and write
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
AC4796C000
|
stack
|
page read and write
|
||
|
1B5116CA000
|
heap
|
page read and write
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
7FFE00569000
|
unkown
|
page read and write
|
||
|
240C1040000
|
heap
|
page read and write
|
||
|
1B5116CD000
|
heap
|
page read and write
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
||
|
6CB4AFF000
|
stack
|
page read and write
|
||
|
608DB6F000
|
stack
|
page read and write
|
||
|
7FFE00545000
|
unkown
|
page readonly
|
||
|
1A085F68000
|
heap
|
page read and write
|
||
|
16E807C000
|
stack
|
page read and write
|
||
|
7FFE004F0000
|
unkown
|
page readonly
|
There are 427 hidden memdumps, click here to show them.