Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ZaPNN51vQo.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_c2f356c1f74475bc955dabae5ac8407876b0076_7522e4b5_1dac1649-4c86-4d4c-906d-33f6a6fc8dc8\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_c2f356c1f74475bc955dabae5ac8407876b0076_7522e4b5_bfd95e3a-1a55-49e1-b8b1-e7ff874c411d\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_e34a55adf2fb823c1abf802929e24e1fa3bd019_7522e4b5_7c394c0e-190d-4001-951d-d3c6ebbd43e0\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_e34a55adf2fb823c1abf802929e24e1fa3bd019_7522e4b5_7e76728d-9671-42f5-bf34-d5dbfd148af8\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_e34a55adf2fb823c1abf802929e24e1fa3bd019_7522e4b5_f12875f2-db89-4ad2-8bba-5c0285c555fe\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9ABE.tmp.dmp
|
Mini DuMP crash report, 15 streams, Sat Dec 21 13:17:01 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9AED.tmp.dmp
|
Mini DuMP crash report, 15 streams, Sat Dec 21 13:17:01 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9BAA.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9BB9.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9BE9.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9E77.tmp.dmp
|
Mini DuMP crash report, 15 streams, Sat Dec 21 13:17:02 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9E97.tmp.dmp
|
Mini DuMP crash report, 15 streams, Sat Dec 21 13:17:02 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9F82.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9FA1.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9FB2.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9FD1.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB125.tmp.dmp
|
Mini DuMP crash report, 15 streams, Sat Dec 21 13:17:07 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB1A3.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB211.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\SysWOW64\KB1035627.dat
|
data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 12 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\ZaPNN51vQo.dll,loop
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\ZaPNN51vQo.dll",#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\ZaPNN51vQo.dll,mydoor
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\ZaPNN51vQo.dll",loop
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\ZaPNN51vQo.dll",mydoor
|
|
|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\ZaPNN51vQo.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\ZaPNN51vQo.dll",#1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 672
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 664
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 676
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 668
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 664
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
safebrow.flnet.org
|
162.210.196.168
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
162.210.196.168
|
safebrow.flnet.org
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{76cd435e-c300-9daa-92cc-c129c38c5607}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProgramId
|
||
|
\REGISTRY\A\{76cd435e-c300-9daa-92cc-c129c38c5607}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
FileId
|
||
|
\REGISTRY\A\{76cd435e-c300-9daa-92cc-c129c38c5607}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{76cd435e-c300-9daa-92cc-c129c38c5607}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LongPathHash
|
||
|
\REGISTRY\A\{76cd435e-c300-9daa-92cc-c129c38c5607}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Name
|
||
|
\REGISTRY\A\{76cd435e-c300-9daa-92cc-c129c38c5607}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
OriginalFileName
|
||
|
\REGISTRY\A\{76cd435e-c300-9daa-92cc-c129c38c5607}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Publisher
|
||
|
\REGISTRY\A\{76cd435e-c300-9daa-92cc-c129c38c5607}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Version
|
||
|
\REGISTRY\A\{76cd435e-c300-9daa-92cc-c129c38c5607}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinFileVersion
|
||
|
\REGISTRY\A\{76cd435e-c300-9daa-92cc-c129c38c5607}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinaryType
|
||
|
\REGISTRY\A\{76cd435e-c300-9daa-92cc-c129c38c5607}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductName
|
||
|
\REGISTRY\A\{76cd435e-c300-9daa-92cc-c129c38c5607}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductVersion
|
||
|
\REGISTRY\A\{76cd435e-c300-9daa-92cc-c129c38c5607}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LinkDate
|
||
|
\REGISTRY\A\{76cd435e-c300-9daa-92cc-c129c38c5607}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinProductVersion
|
||
|
\REGISTRY\A\{76cd435e-c300-9daa-92cc-c129c38c5607}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{76cd435e-c300-9daa-92cc-c129c38c5607}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{76cd435e-c300-9daa-92cc-c129c38c5607}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Size
|
||
|
\REGISTRY\A\{76cd435e-c300-9daa-92cc-c129c38c5607}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Language
|
||
|
\REGISTRY\A\{76cd435e-c300-9daa-92cc-c129c38c5607}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
IsOsComponent
|
||
|
\REGISTRY\A\{76cd435e-c300-9daa-92cc-c129c38c5607}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Usn
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
49BA000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
49CA000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
4900000
|
direct allocation
|
page read and write
|
||
|
461F000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
2E10000
|
heap
|
page read and write
|
||
|
48F0000
|
direct allocation
|
page read and write
|
||
|
47AD000
|
stack
|
page read and write
|
||
|
48E0000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
27CC000
|
stack
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
49AA000
|
heap
|
page read and write
|
||
|
F3B000
|
heap
|
page read and write
|
||
|
49DE000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
30E6000
|
heap
|
page read and write
|
||
|
48D0000
|
heap
|
page read and write
|
||
|
49DA000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
49BA000
|
heap
|
page read and write
|
||
|
2C0F000
|
stack
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
48F0000
|
direct allocation
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
2E2A000
|
heap
|
page read and write
|
||
|
4999000
|
heap
|
page read and write
|
||
|
2BCE000
|
stack
|
page read and write
|
||
|
2CD9000
|
heap
|
page read and write
|
||
|
490E000
|
stack
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
2FA7000
|
heap
|
page read and write
|
||
|
4ADE000
|
stack
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4DCC000
|
stack
|
page read and write
|
||
|
2CC7000
|
heap
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
49DE000
|
heap
|
page read and write
|
||
|
48AC000
|
unkown
|
page read and write
|
||
|
49E6000
|
heap
|
page read and write
|
||
|
F3F000
|
heap
|
page read and write
|
||
|
4C47000
|
direct allocation
|
page execute and read and write
|
||
|
290F000
|
stack
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
494E000
|
stack
|
page read and write
|
||
|
49DE000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
49E6000
|
heap
|
page read and write
|
||
|
4926000
|
direct allocation
|
page execute and read and write
|
||
|
4C2F000
|
stack
|
page read and write
|
||
|
2E63000
|
heap
|
page read and write
|
||
|
4EE0000
|
trusted library allocation
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
47D0000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
2FA5000
|
heap
|
page read and write
|
||
|
2C3A000
|
heap
|
page read and write
|
||
|
48E0000
|
trusted library allocation
|
page read and write
|
||
|
4EE0000
|
trusted library allocation
|
page read and write
|
||
|
4900000
|
direct allocation
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
4D17000
|
heap
|
page read and write
|
||
|
4537000
|
direct allocation
|
page execute and read and write
|
||
|
2ADB000
|
stack
|
page read and write
|
||
|
2FA7000
|
heap
|
page read and write
|
||
|
49AA000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4D4E000
|
stack
|
page read and write
|
||
|
4D29000
|
heap
|
page read and write
|
||
|
49BA000
|
heap
|
page read and write
|
||
|
4C10000
|
heap
|
page read and write
|
||
|
2FA7000
|
heap
|
page read and write
|
||
|
49CB000
|
heap
|
page read and write
|
||
|
4D04000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
2E2F000
|
stack
|
page read and write
|
||
|
4CFC000
|
stack
|
page read and write
|
||
|
30BA000
|
heap
|
page read and write
|
||
|
3245000
|
heap
|
page read and write
|
||
|
49DA000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4C38000
|
heap
|
page read and write
|
||
|
49AA000
|
heap
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
30CA000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
EFB000
|
stack
|
page read and write
|
||
|
48E0000
|
direct allocation
|
page read and write
|
||
|
49BA000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
49DE000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
49BA000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
5000000
|
direct allocation
|
page read and write
|
||
|
49BA000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
476D000
|
stack
|
page read and write
|
||
|
4EE0000
|
trusted library allocation
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4930000
|
heap
|
page read and write
|
||
|
49CB000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
49DA000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
4D00000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
49CB000
|
heap
|
page read and write
|
||
|
4EE0000
|
trusted library allocation
|
page read and write
|
||
|
4920000
|
direct allocation
|
page execute and read and write
|
||
|
49CB000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
467F000
|
stack
|
page read and write
|
||
|
49CA000
|
heap
|
page read and write
|
||
|
49CA000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
3210000
|
direct allocation
|
page execute and read and write
|
||
|
49DA000
|
heap
|
page read and write
|
||
|
2A30000
|
heap
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
33A0000
|
direct allocation
|
page execute and read and write
|
||
|
2E46000
|
heap
|
page read and write
|
||
|
4D8B000
|
stack
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
2D4C000
|
stack
|
page read and write
|
||
|
432F000
|
stack
|
page read and write
|
||
|
4C00000
|
heap
|
page read and write
|
||
|
48E0000
|
trusted library allocation
|
page read and write
|
||
|
337D000
|
stack
|
page read and write
|
||
|
46F7000
|
direct allocation
|
page execute and read and write
|
||
|
48E0000
|
trusted library allocation
|
page read and write
|
||
|
4520000
|
heap
|
page read and write
|
||
|
4900000
|
direct allocation
|
page read and write
|
||
|
48E0000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
2A1A000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4DD0000
|
direct allocation
|
page read and write
|
||
|
49CA000
|
heap
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
4900000
|
direct allocation
|
page read and write
|
||
|
49CB000
|
heap
|
page read and write
|
||
|
48F0000
|
direct allocation
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
49AA000
|
heap
|
page read and write
|
||
|
4524000
|
heap
|
page read and write
|
||
|
2D6E000
|
stack
|
page read and write
|
||
|
4C23000
|
stack
|
page read and write
|
||
|
49DE000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4349000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
3217000
|
direct allocation
|
page execute and read and write
|
||
|
308F000
|
stack
|
page read and write
|
||
|
4C2F000
|
stack
|
page read and write
|
||
|
49CB000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
2A37000
|
heap
|
page read and write
|
||
|
4710000
|
direct allocation
|
page execute and read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
33A7000
|
direct allocation
|
page execute and read and write
|
||
|
49E6000
|
heap
|
page read and write
|
||
|
4BEE000
|
stack
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
49DA000
|
heap
|
page read and write
|
||
|
4980000
|
heap
|
page read and write
|
||
|
4B20000
|
heap
|
page read and write
|
||
|
B3C000
|
stack
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
2580000
|
heap
|
page read and write
|
||
|
4934000
|
heap
|
page read and write
|
||
|
49DA000
|
heap
|
page read and write
|
||
|
4EE0000
|
trusted library allocation
|
page read and write
|
||
|
49CA000
|
heap
|
page read and write
|
||
|
3480000
|
heap
|
page read and write
|
||
|
49E6000
|
heap
|
page read and write
|
||
|
F4D000
|
heap
|
page read and write
|
||
|
4330000
|
heap
|
page read and write
|
||
|
32FF000
|
stack
|
page read and write
|
||
|
48E0000
|
direct allocation
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4EE0000
|
trusted library allocation
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
direct allocation
|
page read and write
|
||
|
49E6000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
48F0000
|
direct allocation
|
page read and write
|
||
|
25FE000
|
stack
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4674000
|
stack
|
page read and write
|
||
|
4DD0000
|
direct allocation
|
page read and write
|
||
|
463D000
|
stack
|
page read and write
|
||
|
4B9D000
|
stack
|
page read and write
|
||
|
4D00000
|
heap
|
page read and write
|
||
|
49DE000
|
heap
|
page read and write
|
||
|
4F3F000
|
stack
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
49CA000
|
heap
|
page read and write
|
||
|
4C17000
|
heap
|
page read and write
|
||
|
49CB000
|
heap
|
page read and write
|
||
|
48B0000
|
heap
|
page read and write
|
||
|
49DA000
|
heap
|
page read and write
|
||
|
49CA000
|
heap
|
page read and write
|
||
|
24CB000
|
stack
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
49AA000
|
heap
|
page read and write
|
||
|
129F000
|
stack
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
49BA000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4609000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
48E0000
|
trusted library allocation
|
page read and write
|
||
|
49DA000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
14DE000
|
stack
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
48E0000
|
trusted library allocation
|
page read and write
|
||
|
4DE0000
|
heap
|
page read and write
|
||
|
4B1F000
|
stack
|
page read and write
|
||
|
4EF0000
|
direct allocation
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
4337000
|
heap
|
page read and write
|
||
|
49CA000
|
heap
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
49AA000
|
heap
|
page read and write
|
||
|
2570000
|
heap
|
page read and write
|
||
|
48E0000
|
trusted library allocation
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
45F0000
|
heap
|
page read and write
|
||
|
49BA000
|
heap
|
page read and write
|
||
|
250C000
|
stack
|
page read and write
|
||
|
106E000
|
stack
|
page read and write
|
||
|
4C40000
|
direct allocation
|
page execute and read and write
|
||
|
F47000
|
heap
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4DCF000
|
stack
|
page read and write
|
||
|
2FA7000
|
heap
|
page read and write
|
||
|
49AA000
|
heap
|
page read and write
|
||
|
4987000
|
heap
|
page read and write
|
||
|
4EE0000
|
trusted library allocation
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
46F0000
|
direct allocation
|
page execute and read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4C29000
|
heap
|
page read and write
|
||
|
48E0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
49BA000
|
heap
|
page read and write
|
||
|
45F7000
|
heap
|
page read and write
|
||
|
49AA000
|
heap
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
2E40000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
49DE000
|
heap
|
page read and write
|
||
|
4EE0000
|
trusted library allocation
|
page read and write
|
||
|
4717000
|
direct allocation
|
page execute and read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
49E6000
|
heap
|
page read and write
|
||
|
45F0000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4B30000
|
heap
|
page read and write
|
||
|
48E0000
|
direct allocation
|
page read and write
|
||
|
4EE0000
|
trusted library allocation
|
page read and write
|
||
|
4EE0000
|
direct allocation
|
page read and write
|
||
|
2FA7000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
49AA000
|
heap
|
page read and write
|
||
|
32BE000
|
stack
|
page read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
2D0B000
|
stack
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
2FA7000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
49DA000
|
heap
|
page read and write
|
||
|
4D10000
|
heap
|
page read and write
|
||
|
4EE0000
|
trusted library allocation
|
page read and write
|
||
|
303C000
|
stack
|
page read and write
|
||
|
49E6000
|
heap
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
10AE000
|
stack
|
page read and write
|
||
|
2B1C000
|
stack
|
page read and write
|
||
|
2FA7000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4530000
|
direct allocation
|
page execute and read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
49CA000
|
heap
|
page read and write
|
||
|
4EE0000
|
trusted library allocation
|
page read and write
|
||
|
4F33000
|
stack
|
page read and write
|
||
|
48E0000
|
direct allocation
|
page read and write
|
||
|
4618000
|
heap
|
page read and write
|
||
|
2E53000
|
heap
|
page read and write
|
||
|
304E000
|
stack
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
2DFB000
|
stack
|
page read and write
|
||
|
49DE000
|
heap
|
page read and write
|
||
|
13DD000
|
stack
|
page read and write
|
||
|
2FA7000
|
heap
|
page read and write
|
||
|
2F9F000
|
stack
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
49CB000
|
heap
|
page read and write
|
||
|
2FA7000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
139F000
|
stack
|
page read and write
|
||
|
48E0000
|
trusted library allocation
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
48E0000
|
trusted library allocation
|
page read and write
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
49CB000
|
heap
|
page read and write
|
||
|
42EE000
|
stack
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
49E6000
|
heap
|
page read and write
|
||
|
48E0000
|
trusted library allocation
|
page read and write
|
||
|
49DE000
|
heap
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
278B000
|
stack
|
page read and write
|
||
|
333D000
|
stack
|
page read and write
|
||
|
49A9000
|
heap
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
4EE0000
|
trusted library allocation
|
page read and write
|
||
|
4C3F000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
49E6000
|
heap
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
There are 354 hidden memdumps, click here to show them.