Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
iisutil.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_74d2292676aa8f3d3b873026bfa4bb114f7744d_7522e4b5_6eb46e90-bbc7-4b96-a46f-f862dbf5ec4a\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_82a4d751d744bbae5b7fe90618e3ca9a2ea43c5_7522e4b5_78808332-d4ee-4bfd-aa0c-5547fff18423\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_82a4d751d744bbae5b7fe90618e3ca9a2ea43c5_7522e4b5_cb845ae6-1dbd-4ce9-a86c-5f85bb38b7ec\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_f34569f3e06624e3681d94af4f51e2a47231a897_7522e4b5_6634f637-9abb-48c2-9230-d3f04625b2f1\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB379.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Aug 28 13:56:00 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB389.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Aug 28 13:56:00 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB493.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB494.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB4C3.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB541.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBE95.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Aug 28 13:56:03 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBF61.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBF91.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCA2E.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Aug 28 13:56:06 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCA8C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCA9D.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\iisutil.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\iisutil.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\iisutil.dll,??0?$CDataCache@UDATETIME_FORMAT_ENTRY@@@@QAE@XZ
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 636
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 644
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\iisutil.dll,??0?$CDataCache@VCDateTime@@@@QAE@XZ
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 636
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\iisutil.dll,??0ALLOC_CACHE_HANDLER@@QAE@PBDPBUALLOC_CACHE_CONFIGURATION@@H@Z
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 636
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",??0?$CDataCache@UDATETIME_FORMAT_ENTRY@@@@QAE@XZ
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",??0?$CDataCache@VCDateTime@@@@QAE@XZ
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",??0ALLOC_CACHE_HANDLER@@QAE@PBDPBUALLOC_CACHE_CONFIGURATION@@H@Z
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",uuencode
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",uudecode
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",_IISGetCurrentTime@8
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",_GetAllocCounters@0
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",WriteTraceLog
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",WriteRefTraceLogEx
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",WriteRefTraceLog
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",TerminateLocalRequest
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",TerminateIISUtil
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",SystemTimeToGMT
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",StopIISAdminMonitor
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",StartIISAdminMonitor
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",SkipWhite
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",SkipTo
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",SetStringParameterValueInAnyService
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",SetFlagsDebugPrintHR
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",SetExplicitAccessSettings
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",SchedulerTerminate
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",SchedulerInitialize
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",ScheduleWorkItem
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\iisutil.dll",ScheduleAdjustTime
|
There are 25 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
||
|
http://www.iis.net0
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
\REGISTRY\A\{68dea7fe-e508-4f00-4372-d0394d5e291b}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProgramId
|
||
|
\REGISTRY\A\{68dea7fe-e508-4f00-4372-d0394d5e291b}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
FileId
|
||
|
\REGISTRY\A\{68dea7fe-e508-4f00-4372-d0394d5e291b}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{68dea7fe-e508-4f00-4372-d0394d5e291b}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LongPathHash
|
||
|
\REGISTRY\A\{68dea7fe-e508-4f00-4372-d0394d5e291b}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Name
|
||
|
\REGISTRY\A\{68dea7fe-e508-4f00-4372-d0394d5e291b}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
OriginalFileName
|
||
|
\REGISTRY\A\{68dea7fe-e508-4f00-4372-d0394d5e291b}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Publisher
|
||
|
\REGISTRY\A\{68dea7fe-e508-4f00-4372-d0394d5e291b}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Version
|
||
|
\REGISTRY\A\{68dea7fe-e508-4f00-4372-d0394d5e291b}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinFileVersion
|
||
|
\REGISTRY\A\{68dea7fe-e508-4f00-4372-d0394d5e291b}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinaryType
|
||
|
\REGISTRY\A\{68dea7fe-e508-4f00-4372-d0394d5e291b}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductName
|
||
|
\REGISTRY\A\{68dea7fe-e508-4f00-4372-d0394d5e291b}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductVersion
|
||
|
\REGISTRY\A\{68dea7fe-e508-4f00-4372-d0394d5e291b}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LinkDate
|
||
|
\REGISTRY\A\{68dea7fe-e508-4f00-4372-d0394d5e291b}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinProductVersion
|
||
|
\REGISTRY\A\{68dea7fe-e508-4f00-4372-d0394d5e291b}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{68dea7fe-e508-4f00-4372-d0394d5e291b}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{68dea7fe-e508-4f00-4372-d0394d5e291b}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Size
|
||
|
\REGISTRY\A\{68dea7fe-e508-4f00-4372-d0394d5e291b}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Language
|
||
|
\REGISTRY\A\{68dea7fe-e508-4f00-4372-d0394d5e291b}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
IsOsComponent
|
||
|
\REGISTRY\A\{68dea7fe-e508-4f00-4372-d0394d5e291b}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Usn
|
There are 12 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
6E671000
|
unkown
|
page execute read
|
||
|
313E000
|
stack
|
page read and write
|
||
|
2F0F000
|
stack
|
page read and write
|
||
|
59C000
|
stack
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
4860000
|
heap
|
page read and write
|
||
|
2E3E000
|
stack
|
page read and write
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
28CB000
|
stack
|
page read and write
|
||
|
BB000
|
stack
|
page read and write
|
||
|
2E40000
|
heap
|
page read and write
|
||
|
6E6A8000
|
unkown
|
page write copy
|
||
|
2A3A000
|
heap
|
page read and write
|
||
|
4AB000
|
stack
|
page read and write
|
||
|
318F000
|
stack
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
28C0000
|
remote allocation
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
34DE000
|
stack
|
page read and write
|
||
|
4C1F000
|
stack
|
page read and write
|
||
|
470F000
|
stack
|
page read and write
|
||
|
6CA000
|
heap
|
page read and write
|
||
|
2DAB000
|
stack
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
3340000
|
heap
|
page read and write
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
4B9E000
|
stack
|
page read and write
|
||
|
29BE000
|
stack
|
page read and write
|
||
|
462F000
|
stack
|
page read and write
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
48BE000
|
stack
|
page read and write
|
||
|
4770000
|
remote allocation
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
299C000
|
stack
|
page read and write
|
||
|
6E6A8000
|
unkown
|
page write copy
|
||
|
3110000
|
heap
|
page read and write
|
||
|
4EC000
|
stack
|
page read and write
|
||
|
2A30000
|
heap
|
page read and write
|
||
|
2860000
|
heap
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
2FEF000
|
stack
|
page read and write
|
||
|
2C3E000
|
stack
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
2930000
|
heap
|
page read and write
|
||
|
2ECE000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
323E000
|
stack
|
page read and write
|
||
|
2E9E000
|
stack
|
page read and write
|
||
|
2C1A000
|
heap
|
page read and write
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
A64000
|
heap
|
page read and write
|
||
|
2B1C000
|
stack
|
page read and write
|
||
|
6E6A8000
|
unkown
|
page write copy
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
3180000
|
heap
|
page read and write
|
||
|
7BF000
|
stack
|
page read and write
|
||
|
4BDE000
|
stack
|
page read and write
|
||
|
290C000
|
stack
|
page read and write
|
||
|
2C8A000
|
heap
|
page read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
43F0000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
2E5F000
|
stack
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
287B000
|
stack
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
2D2A000
|
heap
|
page read and write
|
||
|
48B0000
|
heap
|
page read and write
|
||
|
6E6A8000
|
unkown
|
page write copy
|
||
|
4B5F000
|
stack
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
2DCE000
|
stack
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
6E6A8000
|
unkown
|
page write copy
|
||
|
620000
|
heap
|
page read and write
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
46BF000
|
stack
|
page read and write
|
||
|
414F000
|
stack
|
page read and write
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
67C000
|
stack
|
page read and write
|
||
|
4340000
|
heap
|
page read and write
|
||
|
6DF000
|
stack
|
page read and write
|
||
|
6E6A8000
|
unkown
|
page write copy
|
||
|
740000
|
heap
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
2A3A000
|
heap
|
page read and write
|
||
|
309E000
|
stack
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
2A70000
|
remote allocation
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
2C5A000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
50F000
|
stack
|
page read and write
|
||
|
4180000
|
heap
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
59E000
|
stack
|
page read and write
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
29EE000
|
stack
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
31FE000
|
stack
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
29BB000
|
stack
|
page read and write
|
||
|
74E000
|
stack
|
page read and write
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
4CF0000
|
heap
|
page read and write
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
6CA000
|
heap
|
page read and write
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
4BFF000
|
stack
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
DB000
|
stack
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
3270000
|
remote allocation
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
11C000
|
stack
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
6E6A8000
|
unkown
|
page write copy
|
||
|
550000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
6CF000
|
stack
|
page read and write
|
||
|
3500000
|
heap
|
page read and write
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
2D7A000
|
heap
|
page read and write
|
||
|
A1F000
|
heap
|
page read and write
|
||
|
292E000
|
stack
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
428E000
|
stack
|
page read and write
|
||
|
447F000
|
stack
|
page read and write
|
||
|
2F3A000
|
heap
|
page read and write
|
||
|
32BA000
|
heap
|
page read and write
|
||
|
2D9A000
|
heap
|
page read and write
|
||
|
303C000
|
stack
|
page read and write
|
||
|
32FE000
|
stack
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
6E6A8000
|
unkown
|
page write copy
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
2C3C000
|
stack
|
page read and write
|
||
|
77E000
|
stack
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
286A000
|
heap
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
6E6A8000
|
unkown
|
page write copy
|
||
|
69E000
|
stack
|
page read and write
|
||
|
2A30000
|
heap
|
page read and write
|
||
|
334A000
|
heap
|
page read and write
|
||
|
6E6A8000
|
unkown
|
page write copy
|
||
|
305E000
|
stack
|
page read and write
|
||
|
464E000
|
stack
|
page read and write
|
||
|
29BE000
|
stack
|
page read and write
|
||
|
2CCC000
|
stack
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
2C8B000
|
stack
|
page read and write
|
||
|
53C000
|
stack
|
page read and write
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
2E4F000
|
stack
|
page read and write
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
2990000
|
heap
|
page read and write
|
||
|
483E000
|
stack
|
page read and write
|
||
|
303B000
|
stack
|
page read and write
|
||
|
55F000
|
stack
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
292B000
|
stack
|
page read and write
|
||
|
4EC000
|
stack
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
468F000
|
stack
|
page read and write
|
||
|
2D3B000
|
stack
|
page read and write
|
||
|
2920000
|
heap
|
page read and write
|
||
|
28C0000
|
heap
|
page read and write
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
314E000
|
stack
|
page read and write
|
||
|
467F000
|
stack
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
2960000
|
heap
|
page read and write
|
||
|
465F000
|
stack
|
page read and write
|
||
|
4CF0000
|
heap
|
page read and write
|
||
|
29BA000
|
heap
|
page read and write
|
||
|
28DC000
|
stack
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
28BF000
|
stack
|
page read and write
|
||
|
4D00000
|
remote allocation
|
page read and write
|
||
|
333E000
|
stack
|
page read and write
|
||
|
6E6A8000
|
unkown
|
page write copy
|
||
|
293C000
|
stack
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
28B0000
|
heap
|
page read and write
|
||
|
430E000
|
stack
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
2DFB000
|
stack
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
289B000
|
stack
|
page read and write
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
2F9E000
|
stack
|
page read and write
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
4710000
|
heap
|
page read and write
|
||
|
337E000
|
stack
|
page read and write
|
||
|
67E000
|
stack
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
2D30000
|
heap
|
page read and write
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
47B000
|
stack
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
2DFB000
|
stack
|
page read and write
|
||
|
2C3E000
|
stack
|
page read and write
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
2C6A000
|
heap
|
page read and write
|
||
|
301E000
|
stack
|
page read and write
|
||
|
4B60000
|
remote allocation
|
page read and write
|
||
|
28F0000
|
heap
|
page read and write
|
||
|
2E0E000
|
stack
|
page read and write
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
6E6A8000
|
unkown
|
page write copy
|
||
|
28FB000
|
stack
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
3180000
|
heap
|
page read and write
|
||
|
4850000
|
heap
|
page read and write
|
||
|
3EB000
|
stack
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
2C8A000
|
heap
|
page read and write
|
||
|
7BC000
|
stack
|
page read and write
|
||
|
77B000
|
stack
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
287C000
|
stack
|
page read and write
|
||
|
2ADB000
|
stack
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
317F000
|
stack
|
page read and write
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
2A2A000
|
heap
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
46B0000
|
remote allocation
|
page read and write
|
||
|
2C0A000
|
heap
|
page read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
3540000
|
heap
|
page read and write
|
||
|
6E6A8000
|
unkown
|
page write copy
|
||
|
730000
|
heap
|
page read and write
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
6E6A8000
|
unkown
|
page write copy
|
||
|
295B000
|
stack
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
6E6A8000
|
unkown
|
page write copy
|
||
|
29FB000
|
stack
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
418E000
|
stack
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
303C000
|
stack
|
page read and write
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
3030000
|
remote allocation
|
page read and write
|
||
|
4C70000
|
heap
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
42BF000
|
stack
|
page read and write
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
4BB0000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
4940000
|
heap
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
469E000
|
stack
|
page read and write
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
A4D000
|
heap
|
page read and write
|
||
|
2D1A000
|
heap
|
page read and write
|
||
|
5DF000
|
stack
|
page read and write
|
||
|
7FB000
|
stack
|
page read and write
|
||
|
4B90000
|
heap
|
page read and write
|
||
|
307C000
|
stack
|
page read and write
|
||
|
A3E000
|
heap
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
29DE000
|
stack
|
page read and write
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
67C000
|
stack
|
page read and write
|
||
|
47C0000
|
heap
|
page read and write
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
6E6A8000
|
unkown
|
page write copy
|
||
|
46B0000
|
heap
|
page read and write
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
441E000
|
stack
|
page read and write
|
||
|
2FDF000
|
stack
|
page read and write
|
||
|
5EE000
|
stack
|
page read and write
|
||
|
2F7A000
|
heap
|
page read and write
|
||
|
4830000
|
remote allocation
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
4430000
|
heap
|
page read and write
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
438F000
|
stack
|
page read and write
|
||
|
2D7C000
|
stack
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
FC000
|
stack
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
4BCF000
|
stack
|
page read and write
|
||
|
41CF000
|
stack
|
page read and write
|
||
|
2A00000
|
heap
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
46CE000
|
stack
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
4CD0000
|
remote allocation
|
page read and write
|
||
|
2A2F000
|
stack
|
page read and write
|
||
|
46DF000
|
stack
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
8FC000
|
stack
|
page read and write
|
||
|
2E7A000
|
heap
|
page read and write
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
6E6A8000
|
unkown
|
page read and write
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
180000
|
heap
|
page read and write
|
||
|
329A000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
4BC000
|
stack
|
page read and write
|
||
|
2D20000
|
heap
|
page read and write
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
2F4E000
|
stack
|
page read and write
|
||
|
2D4F000
|
stack
|
page read and write
|
||
|
2F0F000
|
stack
|
page read and write
|
||
|
28DA000
|
heap
|
page read and write
|
||
|
2F20000
|
remote allocation
|
page read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
48FF000
|
stack
|
page read and write
|
||
|
2D50000
|
heap
|
page read and write
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
290C000
|
stack
|
page read and write
|
||
|
28CB000
|
stack
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
2F10000
|
remote allocation
|
page read and write
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
28FB000
|
stack
|
page read and write
|
||
|
323F000
|
stack
|
page read and write
|
||
|
42E0000
|
remote allocation
|
page read and write
|
||
|
2E1F000
|
stack
|
page read and write
|
||
|
4AF0000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
6E6A8000
|
unkown
|
page write copy
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
6E6A8000
|
unkown
|
page write copy
|
||
|
287E000
|
stack
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
427E000
|
stack
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
50E000
|
stack
|
page read and write
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
2970000
|
heap
|
page read and write
|
||
|
56A000
|
heap
|
page read and write
|
||
|
2FDE000
|
stack
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
2990000
|
heap
|
page read and write
|
||
|
2E90000
|
heap
|
page read and write
|
||
|
287F000
|
stack
|
page read and write
|
||
|
47A0000
|
heap
|
page read and write
|
||
|
4420000
|
remote allocation
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
78F000
|
stack
|
page read and write
|
||
|
5F0000
|
remote allocation
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
2E40000
|
heap
|
page read and write
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
2FAE000
|
stack
|
page read and write
|
||
|
2E50000
|
remote allocation
|
page read and write
|
||
|
311A000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
2ECE000
|
stack
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
55B000
|
stack
|
page read and write
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
2950000
|
heap
|
page read and write
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
29FC000
|
stack
|
page read and write
|
||
|
42F0000
|
heap
|
page read and write
|
||
|
2D9F000
|
stack
|
page read and write
|
||
|
4850000
|
remote allocation
|
page read and write
|
||
|
2DDE000
|
stack
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
63B000
|
stack
|
page read and write
|
||
|
6E6A8000
|
unkown
|
page read and write
|
||
|
6E6A8000
|
unkown
|
page write copy
|
||
|
28BC000
|
stack
|
page read and write
|
||
|
43A0000
|
heap
|
page read and write
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
296C000
|
stack
|
page read and write
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
6E6A8000
|
unkown
|
page write copy
|
||
|
6E6A8000
|
unkown
|
page write copy
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
32BE000
|
stack
|
page read and write
|
||
|
45DF000
|
stack
|
page read and write
|
||
|
710000
|
remote allocation
|
page read and write
|
||
|
63C000
|
stack
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
298F000
|
stack
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
7EE000
|
stack
|
page read and write
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
6E6A8000
|
unkown
|
page write copy
|
||
|
4AB000
|
stack
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
296F000
|
stack
|
page read and write
|
||
|
2A6F000
|
stack
|
page read and write
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
6E670000
|
unkown
|
page readonly
|
||
|
63B000
|
stack
|
page read and write
|
||
|
306A000
|
heap
|
page read and write
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
6E671000
|
unkown
|
page execute read
|
||
|
4840000
|
heap
|
page read and write
|
||
|
315E000
|
stack
|
page read and write
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
2DEC000
|
stack
|
page read and write
|
||
|
6E6AA000
|
unkown
|
page readonly
|
||
|
1EE000
|
stack
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
461E000
|
stack
|
page read and write
|
||
|
4320000
|
remote allocation
|
page read and write
|
||
|
4B8E000
|
stack
|
page read and write
|
||
|
293C000
|
stack
|
page read and write
|
||
|
2D7F000
|
stack
|
page read and write
|
||
|
327F000
|
stack
|
page read and write
|
||
|
2F4D000
|
stack
|
page read and write
|
||
|
A1B000
|
heap
|
page read and write
|
||
|
2A0A000
|
heap
|
page read and write
|
||
|
2E1F000
|
stack
|
page read and write
|
||
|
42CF000
|
stack
|
page read and write
|
There are 479 hidden memdumps, click here to show them.