Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
rcM4Cx31Iy.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_9bba6880298fd69bbd62a2e3ccc3e1353d16d6bf_7522e4b5_bd184202-64a7-4a1b-9a9d-c8d614e36535\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC00F.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Dec 3 07:45:01 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC0BC.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC0EC.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\rcM4Cx31Iy.dll
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\rcM4Cx31Iy.dll",#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\rcM4Cx31Iy.dll,DllCanUnloadNow
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\rcM4Cx31Iy.dll,DllGetClassObject
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\rcM4Cx31Iy.dll,DllRegisterServer
|
|
|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\rcM4Cx31Iy.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\rcM4Cx31Iy.dll",#1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 656
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.google.com/search?client=navclient-auto&features=Rank:&q=info:%s&ch=%s
|
unknown
|
||
|
http://www.xunlei.com/
|
unknown
|
||
|
http://www.baidu.com/baidu?word=%s&tn=sper_2_dg
|
unknown
|
||
|
http://www.tq121.com.cn/
|
unknown
|
||
|
http://update.iesuper.com/update/iesuper.ini?fn=%s&version=%s&u=%s1.0.1.40OEMIDneedfileurl%s%s%spath
|
unknown
|
||
|
http://www.kooxoo.com/
|
unknown
|
||
|
http://so.xunlei.com/search?search=
|
unknown
|
||
|
http://mp3.baidu.com/m?ct=134217728&word=
|
unknown
|
||
|
http://www.tuotu.com/
|
unknown
|
||
|
http://bbs.qihoo.com/
|
unknown
|
||
|
http://search.crsky.com/search.asp?keyword=
|
unknown
|
||
|
http://www.iesuper.com
|
unknown
|
||
|
http://search.live.com/results.aspx?q=
|
unknown
|
||
|
http://www.crsky.com/
|
unknown
|
||
|
http://so.mydrivers.com/drivers/
|
unknown
|
||
|
http://www.baidu.com/baidu?word=%s&tn=sper_3_dgEDIT_CLASSPROCInstallDoneToolbarWindow32Search
|
unknown
|
||
|
http://yahoo.cn/
|
unknown
|
||
|
http://search.cn.yahoo.com/search?p=
|
unknown
|
||
|
http://127.0.0.1/%s
|
unknown
|
||
|
http://www.tvsou.com/
|
unknown
|
||
|
http://www.iesuper.com/help.htm
|
unknown
|
||
|
http://www.yahoo.cn/
|
unknown
|
||
|
http://www.iesuper.com/cn/
|
unknown
|
||
|
http://www.baidu.com/baidu?word=
|
unknown
|
||
|
http://shooter.cn/sub/?searchword=
|
unknown
|
||
|
http://www.verycd.com/
|
unknown
|
||
|
http://search.blogcn.com/BlogResult.aspx?SearchType=2&txtQuery=
|
unknown
|
||
|
http://www.iciba.com/search?s=
|
unknown
|
||
|
http://update.iesuper.com/update/iesuper.ini?fn=%s&version=%s&u=%s
|
unknown
|
||
|
http://www.live.com.cn/
|
unknown
|
||
|
http://download.pchome.net/php/search.php?pid=0&searchstr=
|
unknown
|
||
|
http://weather.tq121.com.cn/detail.php?city=
|
unknown
|
||
|
http://d.sogou.com/
|
unknown
|
||
|
http://www.kooxoo.com/search?q=
|
unknown
|
||
|
http://search.btchina.net/search.php?query=
|
unknown
|
||
|
http://download.pcpop.com/
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://www.iesuper.com/
|
unknown
|
||
|
http://www.google.com/search?q=
|
unknown
|
||
|
http://try.iesuper.com/client/webinfo.htm
|
unknown
|
||
|
http://so.mydrivers.com/
|
unknown
|
||
|
http://www.alexa.com/data/details/traffic_details?url=%s
|
unknown
|
||
|
http://shooter.cn/
|
unknown
|
||
|
http://bt.fkee.com/
|
unknown
|
||
|
https:///://IESuper_PROPIMGTahomaTAB...Google:%s
|
unknown
|
||
|
http://www.iesuper.com/cn/hl/
|
unknown
|
||
|
http://find.verycd.com/folders/
|
unknown
|
||
|
http://www.baidu.com/baidu?word=%s&tn=sper_3_dg
|
unknown
|
||
|
http://www.baidu.com/
|
unknown
|
||
|
http://so.bbs.qihoo.com/index.html?kw=
|
unknown
|
||
|
http://data.alexa.com/data/gWjM61Z9yy83rr?cli=10&dat=snba&ver=7.2&cdt=alx_vw%3D20%26wid%3D11092%26ac
|
unknown
|
||
|
http://mp3.baidu.com/
|
unknown
|
||
|
http://d.sogou.com/music.so?pf=&query=
|
unknown
|
||
|
http://search.blogcn.com/
|
unknown
|
||
|
http://bt.fkee.com/search.aspx?q=
|
unknown
|
||
|
http://download.pchome.net/
|
unknown
|
||
|
http://bbs.iesuper.com
|
unknown
|
||
|
http://update.iesuper.com/update/installdone.htm?fn=%s&version=%s&u=%s
|
unknown
|
||
|
http://search.tvsou.com/?KeyWords=
|
unknown
|
||
|
http://www.btchina.net/
|
unknown
|
||
|
http://download.pcpop.com/List.html?printing=
|
unknown
|
||
|
http://search.tuotu.com/?key=
|
unknown
|
||
|
http://search.sogua.com/
|
unknown
|
||
|
http://www.iciba.com/
|
unknown
|
||
|
http://search.sogua.com/search.asp?key=
|
unknown
|
||
|
http://www.google.com/
|
unknown
|
There are 56 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A49F431-2A2E-41A5-9080-0F41D1A3AEC2}
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A49F431-2A2E-41A5-9080-0F41D1A3AEC2}\InprocServer32
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A49F431-2A2E-41A5-9080-0F41D1A3AEC2}\InprocServer32
|
ThreadingModel
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A49F431-2A2E-41a5-9080-0F41D1A3AEC2}
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A49F431-2A2E-41a5-9080-0F41D1A3AEC2}
|
NoExplorer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{15BDF1BD-B1E5-4816-A17E-35F5A2554289}\1.0
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{15BDF1BD-B1E5-4816-A17E-35F5A2554289}\1.0\FLAGS
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{15BDF1BD-B1E5-4816-A17E-35F5A2554289}\1.0\0\win32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{15BDF1BD-B1E5-4816-A17E-35F5A2554289}\1.0\HELPDIR
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{12564080-E8C3-4D2A-9B4A-539A4F0C6931}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{12564080-E8C3-4D2A-9B4A-539A4F0C6931}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{12564080-E8C3-4D2A-9B4A-539A4F0C6931}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{12564080-E8C3-4D2A-9B4A-539A4F0C6931}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{12564080-E8C3-4D2A-9B4A-539A4F0C6931}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{12564080-E8C3-4D2A-9B4A-539A4F0C6931}\ProxyStubClsid32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{12564080-E8C3-4D2A-9B4A-539A4F0C6931}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{12564080-E8C3-4D2A-9B4A-539A4F0C6931}\TypeLib
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESuper.Obj.1
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESuper.Obj.1\CLSID
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESuper.Obj
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESuper.Obj\CLSID
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESuper.Obj\CurVer
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A49F431-2A2E-41a5-9080-0F41D1A3AEC2}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A49F431-2A2E-41a5-9080-0F41D1A3AEC2}\ProgID
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A49F431-2A2E-41a5-9080-0F41D1A3AEC2}\VersionIndependentProgID
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A49F431-2A2E-41a5-9080-0F41D1A3AEC2}\InprocServer32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A49F431-2A2E-41a5-9080-0F41D1A3AEC2}\InprocServer32
|
ThreadingModel
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A49F431-2A2E-41a5-9080-0F41D1A3AEC2}\TypeLib
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESuperHelper.Obj.1
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESuperHelper.Obj.1\CLSID
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESuperHelper.Obj
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESuperHelper.Obj\CLSID
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IESuperHelper.Obj\CurVer
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A49F431-2A2E-41a5-9080-0F41D1A3AEC1}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A49F431-2A2E-41a5-9080-0F41D1A3AEC1}\ProgID
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A49F431-2A2E-41a5-9080-0F41D1A3AEC1}\VersionIndependentProgID
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A49F431-2A2E-41a5-9080-0F41D1A3AEC1}\InprocServer32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A49F431-2A2E-41a5-9080-0F41D1A3AEC1}\InprocServer32
|
ThreadingModel
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A49F431-2A2E-41a5-9080-0F41D1A3AEC1}\TypeLib
|
NULL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A49F431-2A2E-41A5-9080-0F41D1A3AEC1}\iexplore
|
Flags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A49F431-2A2E-41A5-9080-0F41D1A3AEC1}\iexplore
|
Blocked
|
||
|
HKEY_CURRENT_USER\SOFTWARE\IESuper
|
OEMID
|
||
|
\REGISTRY\A\{eadb1fac-937f-7bf5-24bf-039130a3f564}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProgramId
|
||
|
\REGISTRY\A\{eadb1fac-937f-7bf5-24bf-039130a3f564}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
FileId
|
||
|
\REGISTRY\A\{eadb1fac-937f-7bf5-24bf-039130a3f564}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{eadb1fac-937f-7bf5-24bf-039130a3f564}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LongPathHash
|
||
|
\REGISTRY\A\{eadb1fac-937f-7bf5-24bf-039130a3f564}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Name
|
||
|
\REGISTRY\A\{eadb1fac-937f-7bf5-24bf-039130a3f564}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
OriginalFileName
|
||
|
\REGISTRY\A\{eadb1fac-937f-7bf5-24bf-039130a3f564}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Publisher
|
||
|
\REGISTRY\A\{eadb1fac-937f-7bf5-24bf-039130a3f564}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Version
|
||
|
\REGISTRY\A\{eadb1fac-937f-7bf5-24bf-039130a3f564}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinFileVersion
|
||
|
\REGISTRY\A\{eadb1fac-937f-7bf5-24bf-039130a3f564}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinaryType
|
||
|
\REGISTRY\A\{eadb1fac-937f-7bf5-24bf-039130a3f564}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductName
|
||
|
\REGISTRY\A\{eadb1fac-937f-7bf5-24bf-039130a3f564}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductVersion
|
||
|
\REGISTRY\A\{eadb1fac-937f-7bf5-24bf-039130a3f564}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LinkDate
|
||
|
\REGISTRY\A\{eadb1fac-937f-7bf5-24bf-039130a3f564}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinProductVersion
|
||
|
\REGISTRY\A\{eadb1fac-937f-7bf5-24bf-039130a3f564}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{eadb1fac-937f-7bf5-24bf-039130a3f564}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{eadb1fac-937f-7bf5-24bf-039130a3f564}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Size
|
||
|
\REGISTRY\A\{eadb1fac-937f-7bf5-24bf-039130a3f564}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Language
|
||
|
\REGISTRY\A\{eadb1fac-937f-7bf5-24bf-039130a3f564}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
IsOsComponent
|
||
|
\REGISTRY\A\{eadb1fac-937f-7bf5-24bf-039130a3f564}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A49F431-2A2E-41a5-9080-0F41D1A3AEC2}\InprocServer32
|
NULL
|
There are 55 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2360000
|
heap
|
page read and write
|
||
|
43B0000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
1001E000
|
unkown
|
page write copy
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
2350000
|
heap
|
page read and write
|
||
|
2760000
|
heap
|
page read and write
|
||
|
26D1000
|
heap
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
67C000
|
stack
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
94E000
|
stack
|
page read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
437E000
|
stack
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
27EE000
|
stack
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
2AAF000
|
stack
|
page read and write
|
||
|
2930000
|
heap
|
page read and write
|
||
|
90D000
|
stack
|
page read and write
|
||
|
444F000
|
stack
|
page read and write
|
||
|
2AF6000
|
heap
|
page read and write
|
||
|
4EB000
|
stack
|
page read and write
|
||
|
282A000
|
heap
|
page read and write
|
||
|
263E000
|
stack
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
2B9E000
|
stack
|
page read and write
|
||
|
26BB000
|
stack
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
10020000
|
unkown
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
B7E000
|
stack
|
page read and write
|
||
|
288B000
|
stack
|
page read and write
|
||
|
441E000
|
stack
|
page read and write
|
||
|
283C000
|
stack
|
page read and write
|
||
|
28BF000
|
stack
|
page read and write
|
||
|
2560000
|
heap
|
page read and write
|
||
|
2A6A000
|
heap
|
page read and write
|
||
|
2820000
|
heap
|
page read and write
|
||
|
100D8000
|
unkown
|
page readonly
|
||
|
2A2F000
|
stack
|
page read and write
|
||
|
10019000
|
unkown
|
page readonly
|
||
|
445F000
|
stack
|
page read and write
|
||
|
2A61000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
2A3E000
|
stack
|
page read and write
|
||
|
23DD000
|
stack
|
page read and write
|
||
|
100D7000
|
unkown
|
page read and write
|
||
|
4640000
|
heap
|
page read and write
|
||
|
77C000
|
stack
|
page read and write
|
||
|
BA8000
|
heap
|
page read and write
|
||
|
D8E000
|
stack
|
page read and write
|
||
|
43DF000
|
stack
|
page read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
4AB000
|
stack
|
page read and write
|
||
|
2340000
|
heap
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
28CC000
|
stack
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
440E000
|
stack
|
page read and write
|
||
|
22DC000
|
stack
|
page read and write
|
||
|
26BA000
|
heap
|
page read and write
|
||
|
25F0000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
B9B000
|
heap
|
page read and write
|
||
|
B9F000
|
heap
|
page read and write
|
||
|
26FC000
|
stack
|
page read and write
|
||
|
267E000
|
stack
|
page read and write
|
||
|
2ADA000
|
heap
|
page read and write
|
||
|
2570000
|
heap
|
page read and write
|
||
|
433D000
|
stack
|
page read and write
|
||
|
2A4A000
|
heap
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
229B000
|
stack
|
page read and write
|
||
|
29FE000
|
stack
|
page read and write
|
||
|
2A6E000
|
stack
|
page read and write
|
||
|
25EB000
|
stack
|
page read and write
|
||
|
2950000
|
heap
|
page read and write
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
26B0000
|
heap
|
page read and write
|
||
|
E8F000
|
stack
|
page read and write
|
||
|
44D0000
|
heap
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
25EE000
|
stack
|
page read and write
|
||
|
2770000
|
heap
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
45A0000
|
heap
|
page read and write
|
||
|
2BDF000
|
stack
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
There are 82 hidden memdumps, click here to show them.