Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
libmmd.dll.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_lib_7fb52cffe21ecd6abfc1c32e247ab46588f99498_0fd03ba9_5097cc39-576f-429e-8e24-a95d50f63d86\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_lib_7fb52cffe21ecd6abfc1c32e247ab46588f99498_0fd03ba9_7f5ebac1-d6d5-4cf2-8be5-db53b231b40a\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_lib_9afd1e816e2885921660f65cfabdd427ac9437d_0fd03ba9_2091bba8-a1b3-45bc-be49-99cc77a1e4cd\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_lib_a3b6957ca019c315fa2e856f651d7b4deeb1dc56_0fd03ba9_e9428bdd-c82c-4b88-bda4-2e7421f6b2a7\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2B3E.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Jul 27 09:33:56 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2B4E.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Jul 27 09:33:56 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2BCC.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2BFC.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C4A.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C99.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER363B.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Jul 27 09:33:59 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER366A.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER369A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4389.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Jul 27 09:34:02 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER43C8.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER43E9.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\libmmd.dll.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",#1
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,_LIB_VERSIONIMF
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",#1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 5572 -s 328
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 5180 -s 328
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,__acosdq
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7212 -s 328
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,__acoshq
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7360 -s 320
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",_LIB_VERSIONIMF
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",__acosdq
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",__acoshq
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",ynl
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",ynf16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",ynf
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",yn
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1l
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1f16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1f
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0l
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0f16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0f
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",truncl
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",truncf16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",truncf
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",trunc
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgammal
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgammaf16
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgammaf
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgamma
|
There are 24 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
|
unknown
|
||
|
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
|
unknown
|
||
|
http://ocsp.sectigo.com0.
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{3027bbe8-40d1-fb1e-95ec-4d94e3440668}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{3027bbe8-40d1-fb1e-95ec-4d94e3440668}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{3027bbe8-40d1-fb1e-95ec-4d94e3440668}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{3027bbe8-40d1-fb1e-95ec-4d94e3440668}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{3027bbe8-40d1-fb1e-95ec-4d94e3440668}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{3027bbe8-40d1-fb1e-95ec-4d94e3440668}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
OriginalFileName
|
||
|
\REGISTRY\A\{3027bbe8-40d1-fb1e-95ec-4d94e3440668}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{3027bbe8-40d1-fb1e-95ec-4d94e3440668}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{3027bbe8-40d1-fb1e-95ec-4d94e3440668}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{3027bbe8-40d1-fb1e-95ec-4d94e3440668}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{3027bbe8-40d1-fb1e-95ec-4d94e3440668}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{3027bbe8-40d1-fb1e-95ec-4d94e3440668}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{3027bbe8-40d1-fb1e-95ec-4d94e3440668}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{3027bbe8-40d1-fb1e-95ec-4d94e3440668}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{3027bbe8-40d1-fb1e-95ec-4d94e3440668}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{3027bbe8-40d1-fb1e-95ec-4d94e3440668}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{3027bbe8-40d1-fb1e-95ec-4d94e3440668}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{3027bbe8-40d1-fb1e-95ec-4d94e3440668}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{3027bbe8-40d1-fb1e-95ec-4d94e3440668}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
\REGISTRY\A\{3027bbe8-40d1-fb1e-95ec-4d94e3440668}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Usn
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
FDCEEFF000
|
stack
|
page read and write
|
||
|
191D4BC0000
|
heap
|
page read and write
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
60AD47F000
|
stack
|
page read and write
|
||
|
1BE33360000
|
heap
|
page read and write
|
||
|
21764268000
|
heap
|
page read and write
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
219A1AE0000
|
remote allocation
|
page read and write
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
259D42E0000
|
heap
|
page read and write
|
||
|
2AB07240000
|
heap
|
page read and write
|
||
|
1F1C3440000
|
remote allocation
|
page read and write
|
||
|
233F7605000
|
heap
|
page read and write
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
4CCE8FF000
|
stack
|
page read and write
|
||
|
1FC7B8B0000
|
heap
|
page read and write
|
||
|
20766D15000
|
heap
|
page read and write
|
||
|
19D117D0000
|
heap
|
page read and write
|
||
|
D0DF19F000
|
stack
|
page read and write
|
||
|
1E6FDB20000
|
heap
|
page read and write
|
||
|
16AE4050000
|
heap
|
page read and write
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
1A499A20000
|
heap
|
page read and write
|
||
|
19D11C40000
|
heap
|
page read and write
|
||
|
254293F000
|
stack
|
page read and write
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
B400E7F000
|
stack
|
page read and write
|
||
|
7DE4C7F000
|
stack
|
page read and write
|
||
|
217642F6000
|
heap
|
page read and write
|
||
|
18D61840000
|
heap
|
page read and write
|
||
|
1F9F43B0000
|
heap
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
1A499A25000
|
heap
|
page read and write
|
||
|
18BFECD0000
|
heap
|
page read and write
|
||
|
1F9F4347000
|
heap
|
page read and write
|
||
|
1A4996B0000
|
heap
|
page read and write
|
||
|
16AE40A0000
|
heap
|
page read and write
|
||
|
24564AF8000
|
heap
|
page read and write
|
||
|
19D11C45000
|
heap
|
page read and write
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
1E6FD830000
|
heap
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
E79C7C000
|
stack
|
page read and write
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
13CE8406000
|
heap
|
page read and write
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
1F9F4430000
|
remote allocation
|
page read and write
|
||
|
27423928000
|
heap
|
page read and write
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
217640E0000
|
heap
|
page read and write
|
||
|
2AB07250000
|
heap
|
page read and write
|
||
|
1E8E3738000
|
heap
|
page read and write
|
||
|
246E5080000
|
heap
|
page read and write
|
||
|
24564D80000
|
heap
|
page read and write
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
245663B0000
|
remote allocation
|
page read and write
|
||
|
1FDAEB70000
|
heap
|
page read and write
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
1BE33440000
|
heap
|
page read and write
|
||
|
20766C45000
|
heap
|
page read and write
|
||
|
1EBC4880000
|
heap
|
page read and write
|
||
|
16AE4080000
|
heap
|
page read and write
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
80F9DF000
|
stack
|
page read and write
|
||
|
6783DBF000
|
stack
|
page read and write
|
||
|
2AB07316000
|
heap
|
page read and write
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
D0DF47F000
|
stack
|
page read and write
|
||
|
C5C767C000
|
stack
|
page read and write
|
||
|
27423B95000
|
heap
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
233F7600000
|
heap
|
page read and write
|
||
|
6C590FF000
|
stack
|
page read and write
|
||
|
1A499848000
|
heap
|
page read and write
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
1E6FDA30000
|
heap
|
page read and write
|
||
|
15ACFE000
|
stack
|
page read and write
|
||
|
1FC7B6A0000
|
heap
|
page read and write
|
||
|
1F9F4450000
|
heap
|
page read and write
|
||
|
501FD8F000
|
stack
|
page read and write
|
||
|
19D11988000
|
heap
|
page read and write
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
1EBC2D60000
|
heap
|
page read and write
|
||
|
274238A0000
|
heap
|
page read and write
|
||
|
1BE33780000
|
heap
|
page read and write
|
||
|
259D2A90000
|
remote allocation
|
page read and write
|
||
|
58BFFDF000
|
stack
|
page read and write
|
||
|
E23339C000
|
stack
|
page read and write
|
||
|
1FE97FB0000
|
remote allocation
|
page read and write
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
20766BE0000
|
heap
|
page read and write
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
1168F988000
|
heap
|
page read and write
|
||
|
18BFD1C0000
|
heap
|
page read and write
|
||
|
22F01470000
|
heap
|
page read and write
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
1168FC75000
|
heap
|
page read and write
|
||
|
217641C0000
|
heap
|
page read and write
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
219A1840000
|
heap
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
1168FA16000
|
heap
|
page read and write
|
||
|
1FDAD110000
|
heap
|
page read and write
|
||
|
1A499840000
|
heap
|
page read and write
|
||
|
1FDAD3E5000
|
heap
|
page read and write
|
||
|
E79CFF000
|
stack
|
page read and write
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
18BFD1F0000
|
heap
|
page read and write
|
||
|
1FE97EE6000
|
heap
|
page read and write
|
||
|
24564AF0000
|
heap
|
page read and write
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
1E8E37C6000
|
heap
|
page read and write
|
||
|
1FDAD0D0000
|
heap
|
page read and write
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
1BE33537000
|
heap
|
page read and write
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
7FFDFB80E000
|
unkown
|
page write copy
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
F2DC8FC000
|
stack
|
page read and write
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
1FC7B7B0000
|
heap
|
page read and write
|
||
|
1F97E2C0000
|
heap
|
page read and write
|
||
|
1BE334A0000
|
heap
|
page read and write
|
||
|
FDCEE7F000
|
stack
|
page read and write
|
||
|
E23367F000
|
stack
|
page read and write
|
||
|
B400BCF000
|
stack
|
page read and write
|
||
|
219A1950000
|
heap
|
page read and write
|
||
|
16AE4390000
|
heap
|
page read and write
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
1EBC2D68000
|
heap
|
page read and write
|
||
|
1168FBB0000
|
heap
|
page read and write
|
||
|
191D4BE0000
|
heap
|
page read and write
|
||
|
246E51E9000
|
heap
|
page read and write
|
||
|
B400B4C000
|
stack
|
page read and write
|
||
|
1FE97D10000
|
heap
|
page read and write
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
8E2432C000
|
stack
|
page read and write
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
1E8E5090000
|
heap
|
page read and write
|
||
|
1EBC2F80000
|
remote allocation
|
page read and write
|
||
|
1F1C33A0000
|
heap
|
page read and write
|
||
|
13CE8378000
|
heap
|
page read and write
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
18D61845000
|
heap
|
page read and write
|
||
|
19D118B0000
|
heap
|
page read and write
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
4CCE5BC000
|
stack
|
page read and write
|
||
|
60AD1AC000
|
stack
|
page read and write
|
||
|
1FDAD1A5000
|
heap
|
page read and write
|
||
|
7FFDFB80E000
|
unkown
|
page write copy
|
||
|
501FC8C000
|
stack
|
page read and write
|
||
|
20766C40000
|
heap
|
page read and write
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
20766BC0000
|
heap
|
page read and write
|
||
|
13CE82B0000
|
heap
|
page read and write
|
||
|
C5C76FF000
|
stack
|
page read and write
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
1F9F42B8000
|
heap
|
page read and write
|
||
|
1E6FD868000
|
heap
|
page read and write
|
||
|
2AB07288000
|
heap
|
page read and write
|
||
|
259D2AD0000
|
heap
|
page read and write
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
E79D7F000
|
stack
|
page read and write
|
||
|
1F1C34D0000
|
heap
|
page read and write
|
||
|
274254E0000
|
heap
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
24566480000
|
heap
|
page read and write
|
||
|
3A7267F000
|
stack
|
page read and write
|
||
|
259D2670000
|
heap
|
page read and write
|
||
|
21765CE0000
|
heap
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
274239B6000
|
heap
|
page read and write
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
E034C8C000
|
stack
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
1EBC2F95000
|
heap
|
page read and write
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
191D4B56000
|
heap
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
3A7231C000
|
stack
|
page read and write
|
||
|
1FE97E10000
|
heap
|
page read and write
|
||
|
18BFD240000
|
heap
|
page read and write
|
||
|
24564A40000
|
heap
|
page read and write
|
||
|
1FE97E58000
|
heap
|
page read and write
|
||
|
2AB07280000
|
heap
|
page read and write
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
25428BC000
|
stack
|
page read and write
|
||
|
19D11A16000
|
heap
|
page read and write
|
||
|
C5C777F000
|
stack
|
page read and write
|
||
|
233F7430000
|
heap
|
page read and write
|
||
|
1FE97DF0000
|
heap
|
page read and write
|
||
|
1A0450F000
|
stack
|
page read and write
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
7FFDFB80D000
|
unkown
|
page read and write
|
||
|
1EBC2D10000
|
heap
|
page read and write
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
8E243AF000
|
stack
|
page read and write
|
||
|
1168FBF0000
|
remote allocation
|
page read and write
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
191D4BE5000
|
heap
|
page read and write
|
||
|
246E51D0000
|
heap
|
page read and write
|
||
|
1A499790000
|
heap
|
page read and write
|
||
|
2AB08C60000
|
heap
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
191D6440000
|
heap
|
page read and write
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
18D63110000
|
heap
|
page read and write
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
219A1A50000
|
heap
|
page read and write
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
16AE4395000
|
heap
|
page read and write
|
||
|
18D61550000
|
heap
|
page read and write
|
||
|
24564A60000
|
heap
|
page read and write
|
||
|
18BFD1F5000
|
heap
|
page read and write
|
||
|
13CE8325000
|
heap
|
page read and write
|
||
|
1A49B2F0000
|
heap
|
page read and write
|
||
|
62AA4FF000
|
stack
|
page read and write
|
||
|
1168F980000
|
heap
|
page read and write
|
||
|
1F9F4290000
|
heap
|
page read and write
|
||
|
62AA47C000
|
stack
|
page read and write
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
1BE334A8000
|
heap
|
page read and write
|
||
|
1FC7B7B8000
|
heap
|
page read and write
|
||
|
191D4AC8000
|
heap
|
page read and write
|
||
|
80F95C000
|
stack
|
page read and write
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
19D118D0000
|
heap
|
page read and write
|
||
|
1E6FD8F6000
|
heap
|
page read and write
|
||
|
18D617C0000
|
remote allocation
|
page read and write
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
1BE33785000
|
heap
|
page read and write
|
||
|
6C5907C000
|
stack
|
page read and write
|
||
|
1F97E3C8000
|
heap
|
page read and write
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
18BFD0C0000
|
heap
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
2AB07495000
|
heap
|
page read and write
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
27423890000
|
heap
|
page read and write
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
6C5917F000
|
stack
|
page read and write
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
1A0448C000
|
stack
|
page read and write
|
||
|
7DE499F000
|
stack
|
page read and write
|
||
|
13CE82C0000
|
heap
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
D79ABCF000
|
stack
|
page read and write
|
||
|
1EBC2DF6000
|
heap
|
page read and write
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
1F1C31B0000
|
heap
|
page read and write
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
1FDAEB10000
|
remote allocation
|
page read and write
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
12F47F000
|
stack
|
page read and write
|
||
|
20766AE0000
|
heap
|
page read and write
|
||
|
191D4AC0000
|
heap
|
page read and write
|
||
|
1A0458F000
|
stack
|
page read and write
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
1F1C3450000
|
heap
|
page read and write
|
||
|
1EBC2CF0000
|
heap
|
page read and write
|
||
|
1FDAD3E0000
|
heap
|
page read and write
|
||
|
13CE8320000
|
heap
|
page read and write
|
||
|
19D11980000
|
heap
|
page read and write
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
1FC7B8D5000
|
heap
|
page read and write
|
||
|
1F97E3C0000
|
heap
|
page read and write
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
1F9F42B0000
|
heap
|
page read and write
|
||
|
22F018A0000
|
remote allocation
|
page read and write
|
||
|
16AE4137000
|
heap
|
page read and write
|
||
|
1E6FD860000
|
heap
|
page read and write
|
||
|
5F3E7DF000
|
stack
|
page read and write
|
||
|
27423B90000
|
heap
|
page read and write
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
20766C88000
|
heap
|
page read and write
|
||
|
1F1C3380000
|
heap
|
page read and write
|
||
|
1E8E5010000
|
remote allocation
|
page read and write
|
||
|
1168F940000
|
heap
|
page read and write
|
||
|
1F97E1E0000
|
heap
|
page read and write
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
1F97E2E0000
|
heap
|
page read and write
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
6783D3F000
|
stack
|
page read and write
|
||
|
259D2690000
|
heap
|
page read and write
|
||
|
219A33F0000
|
heap
|
page read and write
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
7FFDFB80D000
|
unkown
|
page read and write
|
||
|
1C0298F000
|
stack
|
page read and write
|
||
|
1A499950000
|
remote allocation
|
page read and write
|
||
|
1FC7B846000
|
heap
|
page read and write
|
||
|
18D615D0000
|
heap
|
page read and write
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
233F7510000
|
heap
|
page read and write
|
||
|
191D4BF0000
|
heap
|
page read and write
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
19D11940000
|
heap
|
page read and write
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
1BE34EA0000
|
remote allocation
|
page read and write
|
||
|
18D61570000
|
heap
|
page read and write
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
1F1C34D5000
|
heap
|
page read and write
|
||
|
1F1C3246000
|
heap
|
page read and write
|
||
|
24564B86000
|
heap
|
page read and write
|
||
|
1037B3F000
|
stack
|
page read and write
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
58C6C7C000
|
stack
|
page read and write
|
||
|
219A1B40000
|
heap
|
page read and write
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
1FC7D170000
|
heap
|
page read and write
|
||
|
219A1958000
|
heap
|
page read and write
|
||
|
E2336FF000
|
stack
|
page read and write
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
1E8E36C0000
|
heap
|
page read and write
|
||
|
1C02C7F000
|
stack
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
1FC7D0D0000
|
remote allocation
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
5F3E75C000
|
stack
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
219A1920000
|
heap
|
page read and write
|
||
|
8E2467F000
|
stack
|
page read and write
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
1A4997B0000
|
heap
|
page read and write
|
||
|
1E6FD840000
|
heap
|
page read and write
|
||
|
1FC7B8D0000
|
heap
|
page read and write
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
5F3EA7F000
|
stack
|
page read and write
|
||
|
1F97E5C5000
|
heap
|
page read and write
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
1168F950000
|
heap
|
page read and write
|
||
|
16AE4060000
|
heap
|
page read and write
|
||
|
D79AB4C000
|
stack
|
page read and write
|
||
|
233F75D0000
|
remote allocation
|
page read and write
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
7FFDFB80E000
|
unkown
|
page write copy
|
||
|
246E51EC000
|
heap
|
page read and write
|
||
|
22F01696000
|
heap
|
page read and write
|
||
|
22F03030000
|
heap
|
page read and write
|
||
|
191D49E0000
|
heap
|
page read and write
|
||
|
1BE33460000
|
heap
|
page read and write
|
||
|
22F01550000
|
heap
|
page read and write
|
||
|
27423920000
|
heap
|
page read and write
|
||
|
7FFDFB80D000
|
unkown
|
page read and write
|
||
|
2AB07450000
|
heap
|
page read and write
|
||
|
6783CBC000
|
stack
|
page read and write
|
||
|
1F97FEE0000
|
heap
|
page read and write
|
||
|
191D6430000
|
remote allocation
|
page read and write
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
18BFD2D6000
|
heap
|
page read and write
|
||
|
24564D85000
|
heap
|
page read and write
|
||
|
24564960000
|
heap
|
page read and write
|
||
|
15A9EC000
|
stack
|
page read and write
|
||
|
25429BF000
|
stack
|
page read and write
|
||
|
18BFD1A0000
|
heap
|
page read and write
|
||
|
16AE40A8000
|
heap
|
page read and write
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
1E8E3720000
|
heap
|
page read and write
|
||
|
62AA57F000
|
stack
|
page read and write
|
||
|
18D61666000
|
heap
|
page read and write
|
||
|
1F97E456000
|
heap
|
page read and write
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
1E8E36A0000
|
heap
|
page read and write
|
||
|
1F1C31B8000
|
heap
|
page read and write
|
||
|
259D2720000
|
heap
|
page read and write
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
21764200000
|
heap
|
page read and write
|
||
|
1E8E3725000
|
heap
|
page read and write
|
||
|
13CE82E0000
|
heap
|
page read and write
|
||
|
12F13C000
|
stack
|
page read and write
|
||
|
1BE34F20000
|
heap
|
page read and write
|
||
|
1FDACFD0000
|
heap
|
page read and write
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
22F01600000
|
heap
|
page read and write
|
||
|
1FC7B780000
|
heap
|
page read and write
|
||
|
58C6CFF000
|
stack
|
page read and write
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
2AB07490000
|
heap
|
page read and write
|
||
|
1EBC2CE0000
|
heap
|
page read and write
|
||
|
1037BBF000
|
stack
|
page read and write
|
||
|
259D27B6000
|
heap
|
page read and write
|
||
|
1FE98000000
|
heap
|
page read and write
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
21764260000
|
heap
|
page read and write
|
||
|
60AD4FF000
|
stack
|
page read and write
|
||
|
1E6FDAE0000
|
remote allocation
|
page read and write
|
||
|
1F1C31A0000
|
heap
|
page read and write
|
||
|
1E6FDB25000
|
heap
|
page read and write
|
||
|
D79AE7F000
|
stack
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
1FDAD0B0000
|
heap
|
page read and write
|
||
|
1EBC2F90000
|
heap
|
page read and write
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
233F8F80000
|
heap
|
page read and write
|
||
|
22F01570000
|
heap
|
page read and write
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
1F9F41B0000
|
heap
|
page read and write
|
||
|
13CE9EA0000
|
heap
|
page read and write
|
||
|
1F9F4455000
|
heap
|
page read and write
|
||
|
1F97E5C0000
|
heap
|
page read and write
|
||
|
58BFF5F000
|
stack
|
page read and write
|
||
|
1168FB50000
|
heap
|
page read and write
|
||
|
501FD0F000
|
stack
|
page read and write
|
||
|
1037ABC000
|
stack
|
page read and write
|
||
|
259D2660000
|
heap
|
page read and write
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
219A19E6000
|
heap
|
page read and write
|
||
|
13CE9DF0000
|
remote allocation
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
259D2AD5000
|
heap
|
page read and write
|
||
|
233F73B6000
|
heap
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
FDCEBAC000
|
stack
|
page read and write
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
246E51DD000
|
heap
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
1FE98025000
|
heap
|
page read and write
|
||
|
1FE97E50000
|
heap
|
page read and write
|
||
|
233F7328000
|
heap
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
1E8E35C0000
|
heap
|
page read and write
|
||
|
274238C0000
|
heap
|
page read and write
|
||
|
2AB08D90000
|
remote allocation
|
page read and write
|
||
|
18BFD248000
|
heap
|
page read and write
|
||
|
1C0290C000
|
stack
|
page read and write
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
22F018D5000
|
heap
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
1E6FDAA0000
|
heap
|
page read and write
|
||
|
22F018D0000
|
heap
|
page read and write
|
||
|
233F7320000
|
heap
|
page read and write
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
1F97E380000
|
remote allocation
|
page read and write
|
||
|
22F01608000
|
heap
|
page read and write
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
18D61540000
|
heap
|
page read and write
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
246E5160000
|
heap
|
page read and write
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
7FFDFB853000
|
unkown
|
page readonly
|
||
|
7FFDFB80D000
|
unkown
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
20766C70000
|
heap
|
page read and write
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
217641E0000
|
heap
|
page read and write
|
||
|
1A4998D6000
|
heap
|
page read and write
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
233F7530000
|
heap
|
page read and write
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
58BFEDC000
|
stack
|
page read and write
|
||
|
219A1B45000
|
heap
|
page read and write
|
||
|
259D2728000
|
heap
|
page read and write
|
||
|
7FFDFB84F000
|
unkown
|
page read and write
|
||
|
1FDAD118000
|
heap
|
page read and write
|
||
|
13CE8370000
|
heap
|
page read and write
|
||
|
E034D0F000
|
stack
|
page read and write
|
||
|
7DE491C000
|
stack
|
page read and write
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
1F9F5C40000
|
heap
|
page read and write
|
||
|
1E8E3730000
|
heap
|
page read and write
|
||
|
16AE5CF0000
|
heap
|
page read and write
|
||
|
D0DF11C000
|
stack
|
page read and write
|
||
|
1FE98020000
|
heap
|
page read and write
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
7FFDFB4B0000
|
unkown
|
page readonly
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
7FFDFB80E000
|
unkown
|
page write copy
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
21764205000
|
heap
|
page read and write
|
||
|
18D615D8000
|
heap
|
page read and write
|
||
|
7FFDFB80D000
|
unkown
|
page write copy
|
||
|
E034D8F000
|
stack
|
page read and write
|
||
|
27423B30000
|
remote allocation
|
page read and write
|
||
|
58C6D7F000
|
stack
|
page read and write
|
||
|
7FFDFB638000
|
unkown
|
page readonly
|
||
|
7FFDFB4B1000
|
unkown
|
page execute read
|
||
|
19D11C10000
|
remote allocation
|
page read and write
|
||
|
12F1BF000
|
stack
|
page read and write
|
||
|
3A7239F000
|
stack
|
page read and write
|
||
|
80FC7F000
|
stack
|
page read and write
|
||
|
4CCE87E000
|
stack
|
page read and write
|
||
|
20766C80000
|
heap
|
page read and write
|
||
|
1168FC70000
|
heap
|
page read and write
|
||
|
15AC7E000
|
stack
|
page read and write
|
There are 516 hidden memdumps, click here to show them.