Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_main.exe_59e5c191145a7e657df69e5cbadfff4911e783_61e28721_381d6b4d-05a1-4382-babe-90fa558ea39b\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\libi2p.dll
|
PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
|
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe
|
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\7mmwpep245voy3fngkym99px3pj5vx36.bat
|
DOS batch file, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe
|
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\6rRRlGVV
|
PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\ROF9A37w
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\TsG1eHIt
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\bMZx4vGr
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\eKTTDy2k
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\ogg99SMu
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\t291wOio
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\w3LkirgH
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF885.tmp.dmp
|
Mini DuMP crash report, 15 streams, Fri Oct 11 14:54:32 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF9CE.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF9EE.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF9FC.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFA3B.tmp.txt
|
data
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\95cRhCj4pPDP.acl
|
data
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\config.ini
|
Generic INItialization configuration [cnccli]
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p.conf
|
ASCII text
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p.su3
|
data
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\destinations\n53qvwtup4waekyrakvw2svm247ujbkgfwsr6blnwpantzo5nz2a.dat
|
data
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\destinations\wz7qkrnzqpr2zyylfckxtaxrsqsblspad7pbqa3ee5qc7klzdqfq.dat
|
data
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\ntcp2.keys
|
data
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\router.info
|
data
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\router.keys
|
data
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\ssu2.keys
|
data
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rfxvmt.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.ini
|
Generic INItialization configuration [SLPolicy]
|
dropped
|
||
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\update.pkg
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_adl3rpvb.kiz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bk0bvscq.w15.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ccoqzpbb.p3k.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_csxx31s3.jgv.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fmymk3jc.xit.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ltfi0pvo.yod.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mfjfzw1j.cxy.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nvj4bko1.vwj.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ovhd124v.enx.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vqxni0vi.5l3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wagdvozv.5zs.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wamugexa.3oi.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\installer.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\wfpblk.ini
|
Generic INItialization configuration [svc]
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\wfpblk.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\2L2zlVsY
|
ASCII text
|
dropped
|
||
|
C:\Windows\Temp\Cw0MZxef
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Windows\Temp\uUNWplSZ
|
data
|
dropped
|
||
|
C:\Windows\Temp\w7pEN9Cm
|
Generic INItialization configuration [SLPolicy]
|
dropped
|
||
|
C:\Windows\Temp\zMtJJthI
|
Generic INItialization configuration [cnccli]
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 59 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Users\user\Desktop\file.exe
|
C:\Users\user\Desktop\file.exe
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\7mmwpep245voy3fngkym99px3pj5vx36.bat"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'"
|
|
|
|
C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe
|
"C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe"
|
|
|
|
C:\Windows\System32\sc.exe
|
sc.exe stop RDP-Controller
|
|
|
|
C:\Windows\System32\sc.exe
|
sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start=
auto error= ignore
|
|
|
|
C:\Windows\System32\sc.exe
|
sc.exe failure RDP-Controller reset= 1 actions= restart/10000
|
|
|
|
C:\Windows\System32\sc.exe
|
sc.exe start RDP-Controller
|
|
|
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
|
|
|
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
|
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe
|
"C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe"
|
||
|
C:\Windows\System32\taskkill.exe
|
taskkill.exe /F /FI "SERVICES eq RDP-Controller"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\icacls.exe
|
icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\icacls.exe
|
icacls.exe C:\Users\Public /restore C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\95cRhCj4pPDP.acl
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k WerSvcGroup
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -pss -s 444 -p 2656 -ip 2656
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 2656 -s 1188
|
There are 18 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://i2pseed.creativecowpat.net:8443/
|
unknown
|
|
|
|
http://kopanyoc2lnsx5qwpslkik4uccej6zqna7qq2igbofhmb2qxwflwfqad.onion/i2pseeds.su3
|
unknown
|
|
|
|
https://reseed.memcpy.io/
|
unknown
|
|
|
|
https://reseed.i2pgit.org/
|
unknown
|
|
|
|
https://reseed-pl.i2pd.xyz/
|
unknown
|
|
|
|
https://reseed.onion.im/
|
unknown
|
|
|
|
https://reseed2.i2p.net/
|
unknown
|
|
|
|
https://banana.incognet.io/
|
unknown
|
|
|
|
https://reseed-fr.i2pd.xyz/
|
unknown
|
|
|
|
https://reseed.onion.im/O
|
unknown
|
|
|
|
https://i2p.novg.net/
|
unknown
|
|
|
|
https://i2p.ghativega.in/
|
unknown
|
|
|
|
https://www2.mk16.de/
|
unknown
|
|
|
|
https://reseed.onion.im/w
|
unknown
|
|
|
|
https://reseed.diva.exchange/
|
unknown
|
|
|
|
https://reseed.stormycloud.org/
|
unknown
|
|
|
|
https://reseed.diva.exchange/b.c
|
unknown
|
||
|
https://i2p.novg.net/K
|
unknown
|
||
|
https://reseed-fr.i2pd.xyz/I
|
unknown
|
||
|
http://stats.i2p/cgi-bin/newhosts.txt
|
unknown
|
||
|
http://127.0.0.1:8118
|
unknown
|
||
|
https://banana.incognet.io:443/i2pseeds.su3W
|
unknown
|
||
|
https://banana.incognet.io/W
|
unknown
|
||
|
https://i2p.mooo.com/netDb/
|
unknown
|
||
|
http://reg.i2p/hosts.txty-
|
unknown
|
||
|
http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
|
unknown
|
||
|
https://www2.mk16.de/m
|
unknown
|
||
|
https://reseed.i2pgit.org/L
|
unknown
|
||
|
https://reseed.i2p-projekt.de/
|
unknown
|
||
|
https://reseed-pl.i2pd.xyz/3
|
unknown
|
||
|
http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txti2p.su3/)
|
unknown
|
||
|
https://netdb.i2p2.no/
|
unknown
|
||
|
https://reseed.i2pgit.org/6
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt/
|
unknown
|
||
|
http://reg.i2p/hosts.txt
|
unknown
|
||
|
https://reseed.stormycloud.org/HWUm~GTa
|
unknown
|
||
|
https://banana.incognet.io/i2pseeds.su3
|
unknown
|
||
|
https://reseed-pl.i2pd.xyz/F
|
unknown
|
||
|
https://reseed.memcpy.io/%
|
unknown
|
||
|
http://identiguy.i2p/hosts.txt
|
unknown
|
||
|
http://reg.i2p/hosts.txtf?
|
unknown
|
||
|
http://reg.i2p/hosts.txtei
|
unknown
|
||
|
https://reseed2.i2p.net/vp/p_lib.c
|
unknown
|
||
|
https://legit-website.com/i2pseeds.su3
|
unknown
|
||
|
http://reg.i2p/hosts.txt?~
|
unknown
|
||
|
https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
|
unknown
|
||
|
https://banana.incognet.io:443/i2pseeds.su3
|
unknown
|
||
|
http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txttp://
|
unknown
|
||
|
http://rus.i2p/hosts.txt
|
unknown
|
There are 40 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
banana.incognet.io
|
23.137.250.108
|
|
|
|
reseed.diva.exchange
|
80.74.145.70
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
80.74.145.70
|
reseed.diva.exchange
|
Switzerland
|
|
|
|
23.137.250.108
|
banana.incognet.io
|
Reserved
|
|
|
|
217.255.81.237
|
unknown
|
Germany
|
|
|
|
173.68.123.78
|
unknown
|
United States
|
|
|
|
23.128.248.23
|
unknown
|
Reserved
|
|
|
|
77.54.240.255
|
unknown
|
Portugal
|
|
|
|
2.178.241.192
|
unknown
|
Iran (ISLAMIC Republic Of)
|
||
|
45.126.126.80
|
unknown
|
Australia
|
||
|
146.70.24.213
|
unknown
|
United Kingdom
|
||
|
85.236.190.252
|
unknown
|
Russian Federation
|
||
|
23.137.249.66
|
unknown
|
Reserved
|
||
|
95.68.156.35
|
unknown
|
Russian Federation
|
||
|
89.87.222.219
|
unknown
|
France
|
||
|
91.149.236.241
|
unknown
|
Poland
|
||
|
2.191.228.230
|
unknown
|
Iran (ISLAMIC Republic Of)
|
||
|
62.210.85.80
|
unknown
|
France
|
||
|
124.169.148.215
|
unknown
|
Australia
|
||
|
151.242.80.51
|
unknown
|
Iran (ISLAMIC Republic Of)
|
||
|
82.38.134.93
|
unknown
|
United Kingdom
|
||
|
83.255.145.146
|
unknown
|
Sweden
|
||
|
45.30.192.252
|
unknown
|
United States
|
||
|
173.47.97.119
|
unknown
|
United States
|
||
|
87.225.96.167
|
unknown
|
Russian Federation
|
||
|
80.46.94.241
|
unknown
|
United Kingdom
|
||
|
50.100.197.208
|
unknown
|
Canada
|
||
|
99.174.64.226
|
unknown
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
There are 17 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{b201fa4e-0da6-9e2d-01fb-0bbb5cd21d2e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
ProgramId
|
|
|
|
\REGISTRY\A\{b201fa4e-0da6-9e2d-01fb-0bbb5cd21d2e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
FileId
|
|
|
|
\REGISTRY\A\{b201fa4e-0da6-9e2d-01fb-0bbb5cd21d2e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
LowerCaseLongPath
|
|
|
|
\REGISTRY\A\{b201fa4e-0da6-9e2d-01fb-0bbb5cd21d2e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
LongPathHash
|
|
|
|
\REGISTRY\A\{b201fa4e-0da6-9e2d-01fb-0bbb5cd21d2e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
Name
|
|
|
|
\REGISTRY\A\{b201fa4e-0da6-9e2d-01fb-0bbb5cd21d2e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
OriginalFileName
|
|
|
|
\REGISTRY\A\{b201fa4e-0da6-9e2d-01fb-0bbb5cd21d2e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
Publisher
|
|
|
|
\REGISTRY\A\{b201fa4e-0da6-9e2d-01fb-0bbb5cd21d2e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
Version
|
|
|
|
\REGISTRY\A\{b201fa4e-0da6-9e2d-01fb-0bbb5cd21d2e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
BinFileVersion
|
|
|
|
\REGISTRY\A\{b201fa4e-0da6-9e2d-01fb-0bbb5cd21d2e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
BinaryType
|
|
|
|
\REGISTRY\A\{b201fa4e-0da6-9e2d-01fb-0bbb5cd21d2e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
ProductName
|
|
|
|
\REGISTRY\A\{b201fa4e-0da6-9e2d-01fb-0bbb5cd21d2e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
ProductVersion
|
|
|
|
\REGISTRY\A\{b201fa4e-0da6-9e2d-01fb-0bbb5cd21d2e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
LinkDate
|
|
|
|
\REGISTRY\A\{b201fa4e-0da6-9e2d-01fb-0bbb5cd21d2e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
BinProductVersion
|
|
|
|
\REGISTRY\A\{b201fa4e-0da6-9e2d-01fb-0bbb5cd21d2e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
AppxPackageFullName
|
|
|
|
\REGISTRY\A\{b201fa4e-0da6-9e2d-01fb-0bbb5cd21d2e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
AppxPackageRelativeId
|
|
|
|
\REGISTRY\A\{b201fa4e-0da6-9e2d-01fb-0bbb5cd21d2e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
Size
|
|
|
|
\REGISTRY\A\{b201fa4e-0da6-9e2d-01fb-0bbb5cd21d2e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
Language
|
|
|
|
\REGISTRY\A\{b201fa4e-0da6-9e2d-01fb-0bbb5cd21d2e}\Root\InventoryApplicationFile\main.exe|b70705f32dded429
|
Usn
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\2656
|
Terminator
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\2656
|
Reason
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\2656
|
CreationTime
|
There are 12 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
280A000
|
direct allocation
|
page read and write
|
||
|
14002D000
|
direct allocation
|
page read and write
|
||
|
7FF710D86000
|
unkown
|
page read and write
|
||
|
C2965FD000
|
stack
|
page read and write
|
||
|
1D681FD000
|
stack
|
page read and write
|
||
|
2D26000
|
heap
|
page read and write
|
||
|
234FBFF000
|
stack
|
page read and write
|
||
|
7FF7C1ACE000
|
unkown
|
page readonly
|
||
|
142D8D9B000
|
heap
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
2811000
|
direct allocation
|
page read and write
|
||
|
427567E000
|
stack
|
page read and write
|
||
|
7FF7C1AB1000
|
unkown
|
page execute read
|
||
|
7FFE11791000
|
unkown
|
page write copy
|
||
|
1D669FA000
|
stack
|
page read and write
|
||
|
7FFE11BE6000
|
unkown
|
page readonly
|
||
|
7FF710370000
|
unkown
|
page read and write
|
||
|
157C5EC7000
|
heap
|
page read and write
|
||
|
7FF64B930000
|
unkown
|
page readonly
|
||
|
1D63DFC000
|
stack
|
page read and write
|
||
|
21034340000
|
heap
|
page read and write
|
||
|
234D5FF000
|
stack
|
page read and write
|
||
|
1D66FFF000
|
stack
|
page read and write
|
||
|
7FF64B931000
|
unkown
|
page execute read
|
||
|
A50000
|
heap
|
page read and write
|
||
|
1D683FD000
|
stack
|
page read and write
|
||
|
142D8DBB000
|
heap
|
page read and write
|
||
|
7FFE1A50F000
|
unkown
|
page write copy
|
||
|
142D8E6E000
|
heap
|
page read and write
|
||
|
7FF710D88000
|
unkown
|
page write copy
|
||
|
7FFE1A4F1000
|
unkown
|
page execute read
|
||
|
23503FF000
|
stack
|
page read and write
|
||
|
7FF7C1ACE000
|
unkown
|
page readonly
|
||
|
23501FD000
|
stack
|
page read and write
|
||
|
296FD6C0000
|
heap
|
page read and write
|
||
|
157C62CE000
|
heap
|
page read and write
|
||
|
7FF7C1AC0000
|
unkown
|
page readonly
|
||
|
15AF5213000
|
heap
|
page read and write
|
||
|
157C5E68000
|
heap
|
page read and write
|
||
|
1E12A1E1000
|
heap
|
page read and write
|
||
|
7FFDFBAB2000
|
unkown
|
page read and write
|
||
|
7FFDFB7D9000
|
unkown
|
page read and write
|
||
|
1E12A3F0000
|
heap
|
page read and write
|
||
|
8AE000
|
unkown
|
page readonly
|
||
|
266A000
|
direct allocation
|
page read and write
|
||
|
15AF5200000
|
heap
|
page read and write
|
||
|
3E89000
|
heap
|
page read and write
|
||
|
7FF7C1AB0000
|
unkown
|
page readonly
|
||
|
7FF7C1ACA000
|
unkown
|
page write copy
|
||
|
7FFE11BD0000
|
unkown
|
page readonly
|
||
|
133E9BA5000
|
heap
|
page read and write
|
||
|
DC163FB000
|
stack
|
page read and write
|
||
|
66CE7E000
|
stack
|
page read and write
|
||
|
7FFE11521000
|
unkown
|
page write copy
|
||
|
7FFDFB9AA000
|
unkown
|
page readonly
|
||
|
866000
|
unkown
|
page read and write
|
||
|
7FFE11EE0000
|
unkown
|
page write copy
|
||
|
142D897D000
|
heap
|
page read and write
|
||
|
142D8DBE000
|
heap
|
page read and write
|
||
|
BA9000
|
heap
|
page read and write
|
||
|
E3F000
|
stack
|
page read and write
|
||
|
142D8DE8000
|
heap
|
page read and write
|
||
|
15AF5302000
|
heap
|
page read and write
|
||
|
142D8D99000
|
heap
|
page read and write
|
||
|
260E000
|
direct allocation
|
page read and write
|
||
|
7FFE11ED3000
|
unkown
|
page readonly
|
||
|
7FF7C1AB0000
|
unkown
|
page readonly
|
||
|
234E5FF000
|
stack
|
page read and write
|
||
|
1D681FF000
|
stack
|
page read and write
|
||
|
454D57E000
|
stack
|
page read and write
|
||
|
2C0D000
|
direct allocation
|
page execute and read and write
|
||
|
7FFE11BF4000
|
unkown
|
page write copy
|
||
|
26D0000
|
heap
|
page read and write
|
||
|
9BC000
|
heap
|
page read and write
|
||
|
7FFE1178D000
|
unkown
|
page read and write
|
||
|
7FF7C1ACE000
|
unkown
|
page readonly
|
||
|
427547D000
|
stack
|
page read and write
|
||
|
142D8EBC000
|
heap
|
page read and write
|
||
|
A550AFF000
|
stack
|
page read and write
|
||
|
1D65BFE000
|
stack
|
page read and write
|
||
|
853000
|
unkown
|
page read and write
|
||
|
2693000
|
direct allocation
|
page read and write
|
||
|
1D667FF000
|
stack
|
page read and write
|
||
|
B7A000
|
heap
|
page read and write
|
||
|
86E000
|
unkown
|
page read and write
|
||
|
133E9870000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
133E9A40000
|
heap
|
page read and write
|
||
|
8A1000
|
unkown
|
page read and write
|
||
|
7FF710361000
|
unkown
|
page execute read
|
||
|
133E9BA0000
|
heap
|
page read and write
|
||
|
14002D000
|
direct allocation
|
page read and write
|
||
|
2B8FC3F0000
|
heap
|
page read and write
|
||
|
157C629C000
|
heap
|
page read and write
|
||
|
7FF71096E000
|
unkown
|
page read and write
|
||
|
157C63E2000
|
heap
|
page read and write
|
||
|
7FF710370000
|
unkown
|
page write copy
|
||
|
234C1FE000
|
stack
|
page read and write
|
||
|
142D896E000
|
heap
|
page read and write
|
||
|
7FFE1A521000
|
unkown
|
page execute read
|
||
|
8A8000
|
unkown
|
page write copy
|
||
|
D7F000
|
stack
|
page read and write
|
||
|
15AF4DA0000
|
heap
|
page read and write
|
||
|
B92000
|
heap
|
page read and write
|
||
|
15AF5202000
|
heap
|
page read and write
|
||
|
7FF710D88000
|
unkown
|
page read and write
|
||
|
7FFE1A50E000
|
unkown
|
page read and write
|
||
|
157C5E73000
|
heap
|
page read and write
|
||
|
234F7F7000
|
stack
|
page read and write
|
||
|
2560000
|
heap
|
page read and write
|
||
|
23507FF000
|
stack
|
page read and write
|
||
|
157C5A0D000
|
heap
|
page read and write
|
||
|
7FFE1A53D000
|
unkown
|
page read and write
|
||
|
8A9000
|
unkown
|
page read and write
|
||
|
157C6290000
|
heap
|
page read and write
|
||
|
142D8978000
|
heap
|
page read and write
|
||
|
1F0000
|
direct allocation
|
page execute and read and write
|
||
|
1D65DFF000
|
stack
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
1D64FFF000
|
stack
|
page read and write
|
||
|
DC163F7000
|
stack
|
page read and write
|
||
|
3450000
|
heap
|
page read and write
|
||
|
B78000
|
heap
|
page read and write
|
||
|
157C62D3000
|
heap
|
page read and write
|
||
|
234C9FF000
|
stack
|
page read and write
|
||
|
7FFE1A544000
|
unkown
|
page readonly
|
||
|
7FFE126F0000
|
unkown
|
page readonly
|
||
|
7FFDFB7D9000
|
unkown
|
page read and write
|
||
|
142D8E2E000
|
heap
|
page read and write
|
||
|
7FFE11BF0000
|
unkown
|
page read and write
|
||
|
157C6464000
|
heap
|
page read and write
|
||
|
7FFE11EC1000
|
unkown
|
page execute read
|
||
|
142D82A2000
|
heap
|
page read and write
|
||
|
1D679F9000
|
stack
|
page read and write
|
||
|
2C49A945000
|
heap
|
page read and write
|
||
|
142D8E76000
|
heap
|
page read and write
|
||
|
234FFFD000
|
stack
|
page read and write
|
||
|
A5C000
|
heap
|
page read and write
|
||
|
7FFDFB9A4000
|
unkown
|
page read and write
|
||
|
1D64BFF000
|
stack
|
page read and write
|
||
|
14A000
|
stack
|
page read and write
|
||
|
157C63D2000
|
heap
|
page read and write
|
||
|
234F7F9000
|
stack
|
page read and write
|
||
|
841000
|
unkown
|
page read and write
|
||
|
234FDF7000
|
stack
|
page read and write
|
||
|
234C7FF000
|
stack
|
page read and write
|
||
|
142D8DB6000
|
heap
|
page read and write
|
||
|
142D8DAB000
|
heap
|
page read and write
|
||
|
1E12A1B0000
|
heap
|
page read and write
|
||
|
2616000
|
direct allocation
|
page read and write
|
||
|
142D8DBC000
|
heap
|
page read and write
|
||
|
7FFE1A502000
|
unkown
|
page readonly
|
||
|
7FFE1A50B000
|
unkown
|
page read and write
|
||
|
7FFE126F8000
|
unkown
|
page read and write
|
||
|
1D671FB000
|
stack
|
page read and write
|
||
|
1D679F7000
|
stack
|
page read and write
|
||
|
157C6271000
|
heap
|
page read and write
|
||
|
7FF710D89000
|
unkown
|
page write copy
|
||
|
E66B9FF000
|
stack
|
page read and write
|
||
|
7FFDFB9AA000
|
unkown
|
page readonly
|
||
|
157C6425000
|
heap
|
page read and write
|
||
|
23505FF000
|
stack
|
page read and write
|
||
|
2730000
|
direct allocation
|
page execute and read and write
|
||
|
27ED000
|
direct allocation
|
page read and write
|
||
|
7FF7C1AC0000
|
unkown
|
page readonly
|
||
|
190000
|
heap
|
page read and write
|
||
|
133E9830000
|
heap
|
page read and write
|
||
|
157C62EA000
|
heap
|
page read and write
|
||
|
4BCD000
|
heap
|
page read and write
|
||
|
3759000
|
heap
|
page read and write
|
||
|
157C6393000
|
heap
|
page read and write
|
||
|
142D8DBE000
|
heap
|
page read and write
|
||
|
210345A5000
|
heap
|
page read and write
|
||
|
7FFE126E1000
|
unkown
|
page execute read
|
||
|
1A020125000
|
heap
|
page read and write
|
||
|
234D1FE000
|
stack
|
page read and write
|
||
|
7FFE126FC000
|
unkown
|
page write copy
|
||
|
234C1F9000
|
stack
|
page read and write
|
||
|
8A6000
|
unkown
|
page read and write
|
||
|
66CEFF000
|
stack
|
page read and write
|
||
|
133E9800000
|
heap
|
page read and write
|
||
|
7FFE126E0000
|
unkown
|
page readonly
|
||
|
157C4E04000
|
heap
|
page read and write
|
||
|
234CBFD000
|
stack
|
page read and write
|
||
|
9B6000
|
heap
|
page read and write
|
||
|
142D8DA3000
|
heap
|
page read and write
|
||
|
7FFDFBAB2000
|
unkown
|
page read and write
|
||
|
844000
|
unkown
|
page read and write
|
||
|
2D8627D0000
|
heap
|
page read and write
|
||
|
142D896D000
|
heap
|
page read and write
|
||
|
C2968FE000
|
stack
|
page read and write
|
||
|
157C62EF000
|
heap
|
page read and write
|
||
|
1E12A3A0000
|
heap
|
page read and write
|
||
|
15AF5300000
|
heap
|
page read and write
|
||
|
15AF4DC0000
|
heap
|
page read and write
|
||
|
A550A7F000
|
stack
|
page read and write
|
||
|
142D8DB6000
|
heap
|
page read and write
|
||
|
841000
|
unkown
|
page read and write
|
||
|
1D66BFF000
|
stack
|
page read and write
|
||
|
7FFE1A4F1000
|
unkown
|
page execute read
|
||
|
7FFE126E1000
|
unkown
|
page execute read
|
||
|
F1A0B7E000
|
stack
|
page read and write
|
||
|
E66B5F9000
|
stack
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
296FD9C0000
|
heap
|
page read and write
|
||
|
2C49A940000
|
heap
|
page read and write
|
||
|
157C5E6A000
|
heap
|
page read and write
|
||
|
27CB000
|
direct allocation
|
page read and write
|
||
|
142D8DD6000
|
heap
|
page read and write
|
||
|
7FF64B94A000
|
unkown
|
page read and write
|
||
|
847000
|
unkown
|
page read and write
|
||
|
2C49AA10000
|
heap
|
page read and write
|
||
|
7FF64B931000
|
unkown
|
page execute read
|
||
|
157C5E6D000
|
heap
|
page read and write
|
||
|
7FFDFB7DF000
|
unkown
|
page read and write
|
||
|
142D8DAC000
|
heap
|
page read and write
|
||
|
7FFE11BD1000
|
unkown
|
page execute read
|
||
|
7FFE1A50B000
|
unkown
|
page read and write
|
||
|
142D89D0000
|
heap
|
page read and write
|
||
|
21034240000
|
heap
|
page read and write
|
||
|
2C49A930000
|
trusted library allocation
|
page read and write
|
||
|
142D89D6000
|
heap
|
page read and write
|
||
|
133E9879000
|
heap
|
page read and write
|
||
|
157C4DD3000
|
heap
|
page read and write
|
||
|
DC163F9000
|
stack
|
page read and write
|
||
|
7FF7C1AC8000
|
unkown
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
142D8190000
|
heap
|
page read and write
|
||
|
454CFBE000
|
stack
|
page read and write
|
||
|
7FFE11EC0000
|
unkown
|
page readonly
|
||
|
157C63BE000
|
heap
|
page read and write
|
||
|
87A000
|
unkown
|
page read and write
|
||
|
BC1000
|
heap
|
page read and write
|
||
|
1D665FF000
|
stack
|
page read and write
|
||
|
2520000
|
direct allocation
|
page execute and read and write
|
||
|
2B8FC3D0000
|
heap
|
page read and write
|
||
|
7FF7C1AB1000
|
unkown
|
page execute read
|
||
|
BC1000
|
heap
|
page read and write
|
||
|
157C4DA6000
|
heap
|
page read and write
|
||
|
27A3000
|
heap
|
page read and write
|
||
|
869000
|
unkown
|
page read and write
|
||
|
7FFE1A533000
|
unkown
|
page read and write
|
||
|
BDE31BD000
|
stack
|
page read and write
|
||
|
E66B5FE000
|
stack
|
page read and write
|
||
|
7FFDFBAB4000
|
unkown
|
page write copy
|
||
|
BA9000
|
heap
|
page read and write
|
||
|
157C4DC5000
|
heap
|
page read and write
|
||
|
66CBEB000
|
stack
|
page read and write
|
||
|
2B8FC2D0000
|
heap
|
page read and write
|
||
|
27DA000
|
direct allocation
|
page read and write
|
||
|
7FF710D8C000
|
unkown
|
page readonly
|
||
|
1D67FFD000
|
stack
|
page read and write
|
||
|
265B000
|
direct allocation
|
page read and write
|
||
|
142D81B0000
|
heap
|
page read and write
|
||
|
454D47E000
|
stack
|
page read and write
|
||
|
7FFDFB7E4000
|
unkown
|
page readonly
|
||
|
157C63D9000
|
heap
|
page read and write
|
||
|
8A1000
|
unkown
|
page read and write
|
||
|
7FFDFB7E4000
|
unkown
|
page readonly
|
||
|
454D679000
|
stack
|
page read and write
|
||
|
157C6272000
|
heap
|
page read and write
|
||
|
2C49A830000
|
heap
|
page read and write
|
||
|
142D89FE000
|
heap
|
page read and write
|
||
|
1D663FE000
|
stack
|
page read and write
|
||
|
1D677FD000
|
stack
|
page read and write
|
||
|
2565000
|
heap
|
page read and write
|
||
|
2B8FC530000
|
heap
|
page read and write
|
||
|
296FD8C0000
|
heap
|
page read and write
|
||
|
7FFE11BF0000
|
unkown
|
page read and write
|
||
|
7FFDFBAB4000
|
unkown
|
page write copy
|
||
|
15AF5313000
|
heap
|
page read and write
|
||
|
1D66DF7000
|
stack
|
page read and write
|
||
|
7FFE1A540000
|
unkown
|
page read and write
|
||
|
BDE34FF000
|
stack
|
page read and write
|
||
|
7FFE11771000
|
unkown
|
page execute read
|
||
|
990000
|
heap
|
page read and write
|
||
|
142D8DAD000
|
heap
|
page read and write
|
||
|
83E000
|
unkown
|
page read and write
|
||
|
142D8973000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
27A5000
|
direct allocation
|
page read and write
|
||
|
7FFE11BF3000
|
unkown
|
page read and write
|
||
|
262E000
|
direct allocation
|
page read and write
|
||
|
2770000
|
direct allocation
|
page execute and read and write
|
||
|
2758000
|
direct allocation
|
page read and write
|
||
|
15AF4E39000
|
heap
|
page read and write
|
||
|
133E9810000
|
heap
|
page read and write
|
||
|
157C6424000
|
heap
|
page read and write
|
||
|
7FFE1A520000
|
unkown
|
page readonly
|
||
|
1A01FD90000
|
heap
|
page read and write
|
||
|
27BB000
|
direct allocation
|
page read and write
|
||
|
157C62A7000
|
heap
|
page read and write
|
||
|
2C49A970000
|
trusted library allocation
|
page read and write
|
||
|
7FFE1151D000
|
unkown
|
page read and write
|
||
|
157C4DD2000
|
heap
|
page read and write
|
||
|
1D683FF000
|
stack
|
page read and write
|
||
|
157C63DE000
|
heap
|
page read and write
|
||
|
7FFE1A520000
|
unkown
|
page readonly
|
||
|
F1A074D000
|
stack
|
page read and write
|
||
|
7FFE11501000
|
unkown
|
page execute read
|
||
|
157C6450000
|
heap
|
page read and write
|
||
|
7FF7C1ACA000
|
unkown
|
page read and write
|
||
|
157C4CE0000
|
heap
|
page read and write
|
||
|
1D643F9000
|
stack
|
page read and write
|
||
|
B49000
|
heap
|
page read and write
|
||
|
7FFDFB201000
|
unkown
|
page execute read
|
||
|
7FFE1A534000
|
unkown
|
page readonly
|
||
|
142D8DA8000
|
heap
|
page read and write
|
||
|
1A020120000
|
heap
|
page read and write
|
||
|
157C62F9000
|
heap
|
page read and write
|
||
|
142D8DA5000
|
heap
|
page read and write
|
||
|
157C5075000
|
heap
|
page read and write
|
||
|
7FF7C1AB0000
|
unkown
|
page readonly
|
||
|
853000
|
unkown
|
page read and write
|
||
|
26A1000
|
direct allocation
|
page read and write
|
||
|
7FF7C1AB1000
|
unkown
|
page execute read
|
||
|
880000
|
unkown
|
page read and write
|
||
|
7FF64B94F000
|
unkown
|
page readonly
|
||
|
210343B8000
|
heap
|
page read and write
|
||
|
7FFDFBAB7000
|
unkown
|
page readonly
|
||
|
1D679FF000
|
stack
|
page read and write
|
||
|
1D657FE000
|
stack
|
page read and write
|
||
|
7FFE11EC1000
|
unkown
|
page execute read
|
||
|
142D8978000
|
heap
|
page read and write
|
||
|
142D893D000
|
heap
|
page read and write
|
||
|
234FDFF000
|
stack
|
page read and write
|
||
|
210345A0000
|
heap
|
page read and write
|
||
|
157C5ED1000
|
heap
|
page read and write
|
||
|
2C49A910000
|
heap
|
page read and write
|
||
|
2BE0000
|
direct allocation
|
page execute and read and write
|
||
|
DC165FE000
|
stack
|
page read and write
|
||
|
269A000
|
direct allocation
|
page read and write
|
||
|
1A01FDE0000
|
heap
|
page read and write
|
||
|
454D37E000
|
stack
|
page read and write
|
||
|
234C5F6000
|
stack
|
page read and write
|
||
|
234D9FC000
|
stack
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
234F3FA000
|
stack
|
page read and write
|
||
|
234F7FD000
|
stack
|
page read and write
|
||
|
7FFE1A541000
|
unkown
|
page write copy
|
||
|
234D7FE000
|
stack
|
page read and write
|
||
|
86C000
|
unkown
|
page read and write
|
||
|
142D8DBB000
|
heap
|
page read and write
|
||
|
234E9FB000
|
stack
|
page read and write
|
||
|
7FFE1A533000
|
unkown
|
page read and write
|
||
|
1D647FF000
|
stack
|
page read and write
|
||
|
7FFE126FC000
|
unkown
|
page write copy
|
||
|
157C6272000
|
heap
|
page read and write
|
||
|
7FFE126E0000
|
unkown
|
page readonly
|
||
|
418D000
|
heap
|
page read and write
|
||
|
7FFE11ED3000
|
unkown
|
page readonly
|
||
|
7FF7C1ACA000
|
unkown
|
page read and write
|
||
|
234BDFC000
|
stack
|
page read and write
|
||
|
2D8626A5000
|
heap
|
page read and write
|
||
|
268C000
|
direct allocation
|
page read and write
|
||
|
7FFE11EDF000
|
unkown
|
page read and write
|
||
|
142D8926000
|
heap
|
page read and write
|
||
|
7FFE1A50E000
|
unkown
|
page read and write
|
||
|
234DBFF000
|
stack
|
page read and write
|
||
|
142D8294000
|
heap
|
page read and write
|
||
|
142D896A000
|
heap
|
page read and write
|
||
|
157C5A0F000
|
heap
|
page read and write
|
||
|
861000
|
unkown
|
page read and write
|
||
|
1D675F7000
|
stack
|
page read and write
|
||
|
1A01FDA0000
|
heap
|
page read and write
|
||
|
2C49AA18000
|
heap
|
page read and write
|
||
|
157C4DCC000
|
heap
|
page read and write
|
||
|
15AF4DD0000
|
trusted library allocation
|
page read and write
|
||
|
263C000
|
direct allocation
|
page read and write
|
||
|
BDE35FE000
|
stack
|
page read and write
|
||
|
7FFDFB201000
|
unkown
|
page execute read
|
||
|
142D8DBD000
|
heap
|
page read and write
|
||
|
210343B0000
|
heap
|
page read and write
|
||
|
454D2FF000
|
stack
|
page read and write
|
||
|
234E1FF000
|
stack
|
page read and write
|
||
|
234E7FF000
|
stack
|
page read and write
|
||
|
26D0000
|
direct allocation
|
page execute and read and write
|
||
|
157C62B5000
|
heap
|
page read and write
|
||
|
157C62EA000
|
heap
|
page read and write
|
||
|
234DFFE000
|
stack
|
page read and write
|
||
|
234C5FC000
|
stack
|
page read and write
|
||
|
234FDF9000
|
stack
|
page read and write
|
||
|
7FF7C1AB0000
|
unkown
|
page readonly
|
||
|
7FF710D7E000
|
unkown
|
page readonly
|
||
|
7FFE1A50F000
|
unkown
|
page write copy
|
||
|
14A000
|
stack
|
page read and write
|
||
|
DC163FF000
|
stack
|
page read and write
|
||
|
1D673FF000
|
stack
|
page read and write
|
||
|
7FF71096C000
|
unkown
|
page read and write
|
||
|
7FF7C1AB1000
|
unkown
|
page execute read
|
||
|
234F9FF000
|
stack
|
page read and write
|
||
|
157C5E1D000
|
heap
|
page read and write
|
||
|
234FDFD000
|
stack
|
page read and write
|
||
|
1D63FFE000
|
stack
|
page read and write
|
||
|
1D643FE000
|
stack
|
page read and write
|
||
|
157C6435000
|
heap
|
page read and write
|
||
|
2D8626B0000
|
heap
|
page read and write
|
||
|
234C3FE000
|
stack
|
page read and write
|
||
|
7FFE11BD1000
|
unkown
|
page execute read
|
||
|
1D661FF000
|
stack
|
page read and write
|
||
|
7FFE1A541000
|
unkown
|
page write copy
|
||
|
267D000
|
direct allocation
|
page read and write
|
||
|
142D8E7A000
|
heap
|
page read and write
|
||
|
2D8626D8000
|
heap
|
page read and write
|
||
|
83E000
|
unkown
|
page read and write
|
||
|
7FFDFBAB7000
|
unkown
|
page readonly
|
||
|
234EDF9000
|
stack
|
page read and write
|
||
|
865000
|
unkown
|
page read and write
|
||
|
157C62CE000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
861000
|
unkown
|
page read and write
|
||
|
27C4000
|
direct allocation
|
page read and write
|
||
|
2C0F000
|
direct allocation
|
page execute and read and write
|
||
|
2C49A950000
|
heap
|
page read and write
|
||
|
1D675FD000
|
stack
|
page read and write
|
||
|
2B8FC1E0000
|
heap
|
page read and write
|
||
|
7FFE1A544000
|
unkown
|
page readonly
|
||
|
3726000
|
heap
|
page read and write
|
||
|
7FFE11520000
|
unkown
|
page read and write
|
||
|
142D8248000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
454CEBD000
|
stack
|
page read and write
|
||
|
7FFE1A4F0000
|
unkown
|
page readonly
|
||
|
859000
|
unkown
|
page read and write
|
||
|
2B8FC535000
|
heap
|
page read and write
|
||
|
1D675FF000
|
stack
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
279E000
|
direct allocation
|
page read and write
|
||
|
142D8DE8000
|
heap
|
page read and write
|
||
|
DC167FF000
|
stack
|
page read and write
|
||
|
7FFE1A512000
|
unkown
|
page readonly
|
||
|
B7A000
|
heap
|
page read and write
|
||
|
1D677F7000
|
stack
|
page read and write
|
||
|
26A8000
|
direct allocation
|
page read and write
|
||
|
7FF7C1ACE000
|
unkown
|
page readonly
|
||
|
7FFE1A512000
|
unkown
|
page readonly
|
||
|
7FF64B94F000
|
unkown
|
page readonly
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
234C5FF000
|
stack
|
page read and write
|
||
|
427557F000
|
stack
|
page read and write
|
||
|
7FFDFB7DE000
|
unkown
|
page write copy
|
||
|
7FFE11EDC000
|
unkown
|
page read and write
|
||
|
234F1FB000
|
stack
|
page read and write
|
||
|
157C62FD000
|
heap
|
page read and write
|
||
|
1D655FF000
|
stack
|
page read and write
|
||
|
157C4DA0000
|
heap
|
page read and write
|
||
|
157C6460000
|
heap
|
page read and write
|
||
|
142D897D000
|
heap
|
page read and write
|
||
|
23501FF000
|
stack
|
page read and write
|
||
|
89D000
|
unkown
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
1D64DFE000
|
stack
|
page read and write
|
||
|
7FFE11EC0000
|
unkown
|
page readonly
|
||
|
1D65FFE000
|
stack
|
page read and write
|
||
|
234F1F9000
|
stack
|
page read and write
|
||
|
454CF3E000
|
stack
|
page read and write
|
||
|
157C6455000
|
heap
|
page read and write
|
||
|
8AA000
|
unkown
|
page read and write
|
||
|
142D8180000
|
heap
|
page read and write
|
||
|
296FD7A9000
|
heap
|
page read and write
|
||
|
7FFE126FB000
|
unkown
|
page read and write
|
||
|
234F5F9000
|
stack
|
page read and write
|
||
|
234E3FE000
|
stack
|
page read and write
|
||
|
A5507FC000
|
stack
|
page read and write
|
||
|
234F3FF000
|
stack
|
page read and write
|
||
|
15AF5302000
|
heap
|
page read and write
|
||
|
2D8625B0000
|
heap
|
page read and write
|
||
|
15AF4E02000
|
unkown
|
page read and write
|
||
|
234F9FD000
|
stack
|
page read and write
|
||
|
157C63CE000
|
heap
|
page read and write
|
||
|
15AF4E70000
|
heap
|
page read and write
|
||
|
142D8DBB000
|
heap
|
page read and write
|
||
|
7FF64B941000
|
unkown
|
page write copy
|
||
|
2720000
|
heap
|
page read and write
|
||
|
7FFE1A534000
|
unkown
|
page readonly
|
||
|
AD3000
|
heap
|
page read and write
|
||
|
157C62D3000
|
heap
|
page read and write
|
||
|
276E000
|
direct allocation
|
page read and write
|
||
|
1D653FF000
|
stack
|
page read and write
|
||
|
2D8626A0000
|
heap
|
page read and write
|
||
|
7FF7C1AC0000
|
unkown
|
page readonly
|
||
|
E66B7FF000
|
stack
|
page read and write
|
||
|
142D8D50000
|
heap
|
page read and write
|
||
|
234BFFE000
|
stack
|
page read and write
|
||
|
1D679FD000
|
stack
|
page read and write
|
||
|
7FFE11EDC000
|
unkown
|
page read and write
|
||
|
15AF4F15000
|
trusted library allocation
|
page read and write
|
||
|
1E12A1D0000
|
heap
|
page read and write
|
||
|
7FF7C1AC8000
|
unkown
|
page read and write
|
||
|
157C6331000
|
heap
|
page read and write
|
||
|
142D89DF000
|
heap
|
page read and write
|
||
|
2818000
|
direct allocation
|
page read and write
|
||
|
7FFE1A53D000
|
unkown
|
page read and write
|
||
|
157C5411000
|
heap
|
page read and write
|
||
|
8B0000
|
unkown
|
page readonly
|
||
|
7FF710360000
|
unkown
|
page readonly
|
||
|
157C62B8000
|
heap
|
page read and write
|
||
|
2D20000
|
heap
|
page read and write
|
||
|
234F5FD000
|
stack
|
page read and write
|
||
|
15AF4E0B000
|
unkown
|
page read and write
|
||
|
234F5FF000
|
stack
|
page read and write
|
||
|
142D8DFA000
|
heap
|
page read and write
|
||
|
25FE000
|
direct allocation
|
page read and write
|
||
|
1D671FF000
|
stack
|
page read and write
|
||
|
7FFE11BF3000
|
unkown
|
page read and write
|
||
|
7FFDFB200000
|
unkown
|
page readonly
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
15AF4E25000
|
unkown
|
page read and write
|
||
|
1D673FA000
|
stack
|
page read and write
|
||
|
1D651FE000
|
stack
|
page read and write
|
||
|
2D1F000
|
stack
|
page read and write
|
||
|
87A000
|
unkown
|
page read and write
|
||
|
7FFE11BF4000
|
unkown
|
page write copy
|
||
|
C2969FE000
|
stack
|
page read and write
|
||
|
15AF4F02000
|
trusted library allocation
|
page read and write
|
||
|
142D84A5000
|
heap
|
page read and write
|
||
|
2BD0000
|
direct allocation
|
page execute and read and write
|
||
|
157C4CD0000
|
heap
|
page read and write
|
||
|
157C62C3000
|
heap
|
page read and write
|
||
|
142D8D96000
|
heap
|
page read and write
|
||
|
25E8000
|
direct allocation
|
page read and write
|
||
|
1E12A3E0000
|
heap
|
page read and write
|
||
|
7FF64B94B000
|
unkown
|
page write copy
|
||
|
7FFE11EE0000
|
unkown
|
page write copy
|
||
|
7FFE11BE6000
|
unkown
|
page readonly
|
||
|
234DDFE000
|
stack
|
page read and write
|
||
|
157C5EBA000
|
heap
|
page read and write
|
||
|
2786000
|
direct allocation
|
page read and write
|
||
|
157C6459000
|
heap
|
page read and write
|
||
|
8AD000
|
unkown
|
page read and write
|
||
|
7FFE11EDF000
|
unkown
|
page read and write
|
||
|
23503FD000
|
stack
|
page read and write
|
||
|
296FD8A0000
|
heap
|
page read and write
|
||
|
83E000
|
unkown
|
page write copy
|
||
|
142D8240000
|
heap
|
page read and write
|
||
|
133E988E000
|
heap
|
page read and write
|
||
|
15AF5313000
|
heap
|
page read and write
|
||
|
BC1000
|
heap
|
page read and write
|
||
|
7FF64B94C000
|
unkown
|
page write copy
|
||
|
7FFE126F0000
|
unkown
|
page readonly
|
||
|
8A6000
|
unkown
|
page read and write
|
||
|
7FFE126F8000
|
unkown
|
page read and write
|
||
|
21034320000
|
heap
|
page read and write
|
||
|
234EDFF000
|
stack
|
page read and write
|
||
|
157C6250000
|
heap
|
page read and write
|
||
|
142D8DBB000
|
heap
|
page read and write
|
||
|
1D645F6000
|
stack
|
page read and write
|
||
|
157C5E26000
|
heap
|
page read and write
|
||
|
15AF4E00000
|
unkown
|
page read and write
|
||
|
7FFE11514000
|
unkown
|
page readonly
|
||
|
234CFFE000
|
stack
|
page read and write
|
||
|
264B000
|
direct allocation
|
page read and write
|
||
|
15AF5300000
|
heap
|
page read and write
|
||
|
7FF710D70000
|
unkown
|
page write copy
|
||
|
7FFE1A540000
|
unkown
|
page read and write
|
||
|
7FF64B942000
|
unkown
|
page readonly
|
||
|
7FFE1A4F0000
|
unkown
|
page readonly
|
||
|
157C62AE000
|
heap
|
page read and write
|
||
|
86E000
|
unkown
|
page read and write
|
||
|
27FC000
|
direct allocation
|
page read and write
|
||
|
1D675F9000
|
stack
|
page read and write
|
||
|
157C4DAC000
|
heap
|
page read and write
|
||
|
15AF4F24000
|
heap
|
page read and write
|
||
|
7FFE11770000
|
unkown
|
page readonly
|
||
|
F1A0A7F000
|
stack
|
page read and write
|
||
|
1E12A1D9000
|
heap
|
page read and write
|
||
|
234D3FF000
|
stack
|
page read and write
|
||
|
1D67DFD000
|
stack
|
page read and write
|
||
|
1D641FE000
|
stack
|
page read and write
|
||
|
142D84AB000
|
heap
|
page read and write
|
||
|
234F1FF000
|
stack
|
page read and write
|
||
|
1D645FC000
|
stack
|
page read and write
|
||
|
2803000
|
direct allocation
|
page read and write
|
||
|
157C5E3D000
|
heap
|
page read and write
|
||
|
142D899E000
|
heap
|
page read and write
|
||
|
7FFE11500000
|
unkown
|
page readonly
|
||
|
1E12A3C0000
|
heap
|
page read and write
|
||
|
142D84A0000
|
heap
|
page read and write
|
||
|
7FF710361000
|
unkown
|
page execute read
|
||
|
157C62CF000
|
heap
|
page read and write
|
||
|
234EDF7000
|
stack
|
page read and write
|
||
|
7FF710D7E000
|
unkown
|
page readonly
|
||
|
7FF7C1AC0000
|
unkown
|
page readonly
|
||
|
15AF4F00000
|
trusted library allocation
|
page read and write
|
||
|
157C5E78000
|
heap
|
page read and write
|
||
|
7FFDFB9A4000
|
unkown
|
page read and write
|
||
|
296FD9C5000
|
heap
|
page read and write
|
||
|
1A01FDE8000
|
heap
|
page read and write
|
||
|
7FFE11790000
|
unkown
|
page read and write
|
||
|
B15000
|
heap
|
page read and write
|
||
|
7FFE11784000
|
unkown
|
page readonly
|
||
|
142D8DA2000
|
heap
|
page read and write
|
||
|
1D685FF000
|
stack
|
page read and write
|
||
|
27F4000
|
direct allocation
|
page read and write
|
||
|
2B8FC2D7000
|
heap
|
page read and write
|
||
|
157C5E7A000
|
heap
|
page read and write
|
||
|
157C4D00000
|
heap
|
page read and write
|
||
|
157C507B000
|
heap
|
page read and write
|
||
|
1D671F9000
|
stack
|
page read and write
|
||
|
1D67DFF000
|
stack
|
page read and write
|
||
|
15AF4E13000
|
unkown
|
page read and write
|
||
|
89D000
|
unkown
|
page read and write
|
||
|
844000
|
unkown
|
page read and write
|
||
|
234CDFF000
|
stack
|
page read and write
|
||
|
2654000
|
direct allocation
|
page read and write
|
||
|
7FFE126FB000
|
unkown
|
page read and write
|
||
|
1D66DFD000
|
stack
|
page read and write
|
||
|
157C639B000
|
heap
|
page read and write
|
||
|
7FF64B941000
|
unkown
|
page read and write
|
||
|
234EFFF000
|
stack
|
page read and write
|
||
|
2D8626D0000
|
heap
|
page read and write
|
||
|
1D67BFD000
|
stack
|
page read and write
|
||
|
1A01FDC0000
|
heap
|
page read and write
|
||
|
142D897A000
|
heap
|
page read and write
|
||
|
7FFE1A502000
|
unkown
|
page readonly
|
||
|
1E12A3E5000
|
heap
|
page read and write
|
||
|
157C62F7000
|
heap
|
page read and write
|
||
|
157C5070000
|
heap
|
page read and write
|
||
|
234EBFE000
|
stack
|
page read and write
|
||
|
7FF64B942000
|
unkown
|
page readonly
|
||
|
1D66DFF000
|
stack
|
page read and write
|
||
|
157C5EE0000
|
heap
|
page read and write
|
||
|
234F5F7000
|
stack
|
page read and write
|
||
|
142D8DBD000
|
heap
|
page read and write
|
||
|
87E000
|
unkown
|
page read and write
|
||
|
1D66DF9000
|
stack
|
page read and write
|
||
|
7FFE11BD0000
|
unkown
|
page readonly
|
||
|
1D649FE000
|
stack
|
page read and write
|
||
|
296FD7A0000
|
heap
|
page read and write
|
||
|
7FF64B930000
|
unkown
|
page readonly
|
||
|
234FBFD000
|
stack
|
page read and write
|
||
|
1D67BFF000
|
stack
|
page read and write
|
||
|
157C62CF000
|
heap
|
page read and write
|
||
|
C7E000
|
stack
|
page read and write
|
||
|
157C62B5000
|
heap
|
page read and write
|
||
|
7FFE1A521000
|
unkown
|
page execute read
|
||
|
234EDFD000
|
stack
|
page read and write
|
||
|
7FF710D8C000
|
unkown
|
page readonly
|
||
|
7FFDFB7DF000
|
unkown
|
page read and write
|
||
|
869000
|
unkown
|
page read and write
|
||
|
880000
|
unkown
|
page read and write
|
||
|
27AC000
|
direct allocation
|
page read and write
|
||
|
1D659FD000
|
stack
|
page read and write
|
||
|
7FF710360000
|
unkown
|
page readonly
|
||
|
7FFDFB7DE000
|
unkown
|
page write copy
|
||
|
BA9000
|
heap
|
page read and write
|
||
|
2684000
|
direct allocation
|
page read and write
|
||
|
142D8963000
|
heap
|
page read and write
|
||
|
2635000
|
direct allocation
|
page read and write
|
||
|
157C4DF1000
|
heap
|
page read and write
|
||
|
157C5E6E000
|
heap
|
page read and write
|
||
|
7FFDFB200000
|
unkown
|
page readonly
|
||
|
7FF7C1ACA000
|
unkown
|
page write copy
|
There are 643 hidden memdumps, click here to show them.