Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
6q0LW5Szsb.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Iefg\Nefghijkl.pic
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Program Files (x86)\Iefg\Nefghijkl.pic:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Net-Temp.ini
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_5cf5e224613134a37ddf2607be84f14f88d626b_7522e4b5_9ac05968-a9d1-4749-8297-cb651de4856e\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_5cf5e224613134a37ddf2607be84f14f88d626b_7522e4b5_b61d6f76-aa3b-4130-bbcc-ef02a7e65198\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1E3E.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1E7D.tmp.txt
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9768.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER97A8.tmp.txt
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC0DA.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Aug 31 06:32:00 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC1B6.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC1D4.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC1D6.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC223.tmp.txt
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD925.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Aug 31 06:32:06 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD993.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD9C3.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDA11.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDA80.tmp.txt
|
data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 11 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\6q0LW5Szsb.dll,CanUnloadNow
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\6q0LW5Szsb.dll",#1
|
|
|
|
C:\Windows\SysWOW64\svchost.exe
|
C:\Windows\SysWOW64\svchost.exe -k imgsvc
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\6q0LW5Szsb.dll,DarkAngle
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k WerSvcGroup
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\6q0LW5Szsb.dll,GetClassObject
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\6q0LW5Szsb.dll",CanUnloadNow
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\6q0LW5Szsb.dll",DarkAngle
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\6q0LW5Szsb.dll",GetClassObject
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\6q0LW5Szsb.dll",UnregisterServer
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\6q0LW5Szsb.dll",RegisterServer
|
|
|
|
C:\Windows\SysWOW64\svchost.exe
|
C:\Windows\SysWOW64\svchost.exe -k imgsvc
|
|
|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\6q0LW5Szsb.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\6q0LW5Szsb.dll",#1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6572 -ip 6572
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 720
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5856 -ip 5856
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 724
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3228 -ip 3228
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1712 -ip 1712
|
There are 11 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
115.230.124.27
|
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://www.baidu.com/ip.txtB#Dark
|
unknown
|
||
|
http://www.baidu.com/ip.txt
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
115.230.124.27
|
unknown
|
China
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\277186117\Parameters
|
ServiceDll
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\277186117\Parameters
|
ServiceMain
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\283352722
|
imgsvc
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\277186117\Parameters
|
ServiceDll
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\277186117\Parameters
|
ServiceMain
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\283352722
|
imgsvc
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\3228
|
Terminator
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\3228
|
Reason
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\3228
|
CreationTime
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\1712
|
Terminator
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\1712
|
Reason
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\1712
|
CreationTime
|
||
|
\REGISTRY\A\{db7cec16-c912-d829-439f-d2b3b2166bef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProgramId
|
||
|
\REGISTRY\A\{db7cec16-c912-d829-439f-d2b3b2166bef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
FileId
|
||
|
\REGISTRY\A\{db7cec16-c912-d829-439f-d2b3b2166bef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{db7cec16-c912-d829-439f-d2b3b2166bef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LongPathHash
|
||
|
\REGISTRY\A\{db7cec16-c912-d829-439f-d2b3b2166bef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Name
|
||
|
\REGISTRY\A\{db7cec16-c912-d829-439f-d2b3b2166bef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
OriginalFileName
|
||
|
\REGISTRY\A\{db7cec16-c912-d829-439f-d2b3b2166bef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Publisher
|
||
|
\REGISTRY\A\{db7cec16-c912-d829-439f-d2b3b2166bef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Version
|
||
|
\REGISTRY\A\{db7cec16-c912-d829-439f-d2b3b2166bef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinFileVersion
|
||
|
\REGISTRY\A\{db7cec16-c912-d829-439f-d2b3b2166bef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinaryType
|
||
|
\REGISTRY\A\{db7cec16-c912-d829-439f-d2b3b2166bef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductName
|
||
|
\REGISTRY\A\{db7cec16-c912-d829-439f-d2b3b2166bef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductVersion
|
||
|
\REGISTRY\A\{db7cec16-c912-d829-439f-d2b3b2166bef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LinkDate
|
||
|
\REGISTRY\A\{db7cec16-c912-d829-439f-d2b3b2166bef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinProductVersion
|
||
|
\REGISTRY\A\{db7cec16-c912-d829-439f-d2b3b2166bef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{db7cec16-c912-d829-439f-d2b3b2166bef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{db7cec16-c912-d829-439f-d2b3b2166bef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Size
|
||
|
\REGISTRY\A\{db7cec16-c912-d829-439f-d2b3b2166bef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Language
|
||
|
\REGISTRY\A\{db7cec16-c912-d829-439f-d2b3b2166bef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
IsOsComponent
|
||
|
\REGISTRY\A\{db7cec16-c912-d829-439f-d2b3b2166bef}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\241942025\Parameters
|
ServiceDll
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\241942025\Parameters
|
ServiceMain
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\211608995
|
imgsvc
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\245353102\Parameters
|
ServiceDll
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\245353102\Parameters
|
ServiceMain
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\150965157
|
imgsvc
|
There are 30 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3E50000
|
direct allocation
|
page read and write
|
|
|
|
3E60000
|
direct allocation
|
page read and write
|
|
|
|
3E00000
|
direct allocation
|
page read and write
|
|
|
|
4840000
|
trusted library allocation
|
page read and write
|
||
|
2F15000
|
heap
|
page read and write
|
||
|
4700000
|
trusted library allocation
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
19815602000
|
heap
|
page read and write
|
||
|
19815272000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
10020000
|
unkown
|
page write copy
|
||
|
3420000
|
heap
|
page read and write
|
||
|
2D5D000
|
stack
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
305A000
|
heap
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
308A000
|
heap
|
page read and write
|
||
|
3E00000
|
trusted library allocation
|
page read and write
|
||
|
3E60000
|
direct allocation
|
page read and write
|
||
|
198154D0000
|
trusted library allocation
|
page read and write
|
||
|
4C60000
|
heap
|
page read and write
|
||
|
FCE000
|
stack
|
page read and write
|
||
|
5EB000
|
stack
|
page read and write
|
||
|
4700000
|
trusted library allocation
|
page read and write
|
||
|
35BE000
|
stack
|
page read and write
|
||
|
3C22000
|
heap
|
page read and write
|
||
|
62C000
|
stack
|
page read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
3E3C000
|
stack
|
page read and write
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
198151D0000
|
heap
|
page read and write
|
||
|
10022000
|
unkown
|
page readonly
|
||
|
3013000
|
heap
|
page read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
4700000
|
trusted library allocation
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
19815300000
|
trusted library allocation
|
page read and write
|
||
|
45C0000
|
trusted library allocation
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
BCC000
|
stack
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
45C0000
|
trusted library allocation
|
page read and write
|
||
|
4E60000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3C12000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
2ADA000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
4700000
|
trusted library allocation
|
page read and write
|
||
|
3E00000
|
trusted library allocation
|
page read and write
|
||
|
4620000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
10021000
|
unkown
|
page read and write
|
||
|
49C000
|
stack
|
page read and write
|
||
|
2740000
|
heap
|
page read and write
|
||
|
3002000
|
heap
|
page read and write
|
||
|
3C00000
|
heap
|
page read and write
|
||
|
2730000
|
heap
|
page read and write
|
||
|
1981522B000
|
heap
|
page read and write
|
||
|
28DF000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
461F000
|
stack
|
page read and write
|
||
|
4840000
|
trusted library allocation
|
page read and write
|
||
|
3E00000
|
trusted library allocation
|
page read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
4700000
|
trusted library allocation
|
page read and write
|
||
|
374C000
|
stack
|
page read and write
|
||
|
32FF000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3743000
|
stack
|
page read and write
|
||
|
45C0000
|
trusted library allocation
|
page read and write
|
||
|
1981523A000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
45FE000
|
stack
|
page read and write
|
||
|
5EC000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
19815239000
|
heap
|
page read and write
|
||
|
322B000
|
heap
|
page read and write
|
||
|
2C5E000
|
stack
|
page read and write
|
||
|
45BF000
|
stack
|
page read and write
|
||
|
364B000
|
stack
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
2A5B000
|
stack
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
3013000
|
heap
|
page read and write
|
||
|
19815702000
|
heap
|
page read and write
|
||
|
EFC000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
3E00000
|
direct allocation
|
page read and write
|
||
|
3C53000
|
heap
|
page read and write
|
||
|
27FF000
|
stack
|
page read and write
|
||
|
4A60000
|
heap
|
page read and write
|
||
|
19815200000
|
unkown
|
page read and write
|
||
|
2B3E000
|
stack
|
page read and write
|
||
|
3C12000
|
heap
|
page read and write
|
||
|
382270D000
|
stack
|
page read and write
|
||
|
3E00000
|
trusted library allocation
|
page read and write
|
||
|
3C53000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
2CCE000
|
stack
|
page read and write
|
||
|
11BF000
|
heap
|
page read and write
|
||
|
2AC0000
|
heap
|
page read and write
|
||
|
31B6000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
2F0E000
|
stack
|
page read and write
|
||
|
4BBE000
|
stack
|
page read and write
|
||
|
4700000
|
trusted library allocation
|
page read and write
|
||
|
2D1A000
|
heap
|
page read and write
|
||
|
2D9D000
|
stack
|
page read and write
|
||
|
2A3F000
|
stack
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
312E000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
4790000
|
heap
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
3350000
|
heap
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
3822EF9000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
19815700000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3520000
|
heap
|
page read and write
|
||
|
4700000
|
trusted library allocation
|
page read and write
|
||
|
2A9D000
|
stack
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
2ABE000
|
stack
|
page read and write
|
||
|
3822CFF000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
5AB000
|
stack
|
page read and write
|
||
|
45C0000
|
trusted library allocation
|
page read and write
|
||
|
3000000
|
unkown
|
page read and write
|
||
|
2ABF000
|
stack
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
4AC0000
|
trusted library allocation
|
page read and write
|
||
|
3E00000
|
trusted library allocation
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
2DFB000
|
stack
|
page read and write
|
||
|
19815600000
|
heap
|
page read and write
|
||
|
1001B000
|
unkown
|
page readonly
|
||
|
3320000
|
heap
|
page read and write
|
||
|
327F000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
2F8E000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
45C0000
|
trusted library allocation
|
page read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
3420000
|
heap
|
page read and write
|
||
|
19815302000
|
trusted library allocation
|
page read and write
|
||
|
28CA000
|
heap
|
page read and write
|
||
|
497F000
|
stack
|
page read and write
|
||
|
3F3E000
|
stack
|
page read and write
|
||
|
2AEC000
|
stack
|
page read and write
|
||
|
2B7E000
|
stack
|
page read and write
|
||
|
198151F0000
|
heap
|
page read and write
|
||
|
2CBB000
|
stack
|
page read and write
|
||
|
272A000
|
heap
|
page read and write
|
||
|
45C0000
|
trusted library allocation
|
page read and write
|
||
|
1981523A000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
2DEE000
|
stack
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
19815713000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
45B000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3C22000
|
heap
|
page read and write
|
||
|
28E8000
|
heap
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
36C000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3C5F000
|
heap
|
page read and write
|
||
|
35FE000
|
stack
|
page read and write
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
10022000
|
unkown
|
page readonly
|
||
|
300D000
|
unkown
|
page read and write
|
||
|
4290000
|
heap
|
page read and write
|
||
|
66E000
|
stack
|
page read and write
|
||
|
303C000
|
stack
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
2AAB000
|
stack
|
page read and write
|
||
|
1001E000
|
unkown
|
page read and write
|
||
|
3300000
|
trusted library allocation
|
page read and write
|
||
|
4AC0000
|
trusted library allocation
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
2CFC000
|
stack
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
2850000
|
heap
|
page read and write
|
||
|
6DE000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
2A3E000
|
stack
|
page read and write
|
||
|
483F000
|
stack
|
page read and write
|
||
|
1001E000
|
unkown
|
page read and write
|
||
|
4AC0000
|
trusted library allocation
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
46FF000
|
stack
|
page read and write
|
||
|
19815613000
|
heap
|
page read and write
|
||
|
3229000
|
unkown
|
page read and write
|
||
|
3D01000
|
heap
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
11CD000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
2720000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
353E000
|
stack
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3212000
|
unkown
|
page read and write
|
||
|
291E000
|
stack
|
page read and write
|
||
|
32EF000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
32B000
|
stack
|
page read and write
|
||
|
278F000
|
stack
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
19815202000
|
unkown
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3019000
|
unkown
|
page read and write
|
||
|
2E02000
|
heap
|
page read and write
|
||
|
2A9C000
|
stack
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
2A7F000
|
stack
|
page read and write
|
||
|
11C8000
|
heap
|
page read and write
|
||
|
320D000
|
unkown
|
page read and write
|
||
|
28C0000
|
heap
|
page read and write
|
||
|
487E000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3E80000
|
trusted library allocation
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3C12000
|
heap
|
page read and write
|
||
|
19815700000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
10020000
|
unkown
|
page write copy
|
||
|
2B00000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
3600000
|
trusted library allocation
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
2AFF000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2D20000
|
heap
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
3822BFE000
|
stack
|
page read and write
|
||
|
45C0000
|
trusted library allocation
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
4ABF000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
3C5F000
|
heap
|
page read and write
|
||
|
2A0A000
|
heap
|
page read and write
|
||
|
4700000
|
trusted library allocation
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
19815713000
|
heap
|
page read and write
|
||
|
10022000
|
unkown
|
page readonly
|
||
|
3013000
|
heap
|
page read and write
|
||
|
4730000
|
heap
|
page read and write
|
||
|
3313000
|
trusted library allocation
|
page read and write
|
||
|
303F000
|
stack
|
page read and write
|
||
|
4D60000
|
heap
|
page read and write
|
||
|
3C53000
|
heap
|
page read and write
|
||
|
45C0000
|
trusted library allocation
|
page read and write
|
||
|
49D0000
|
heap
|
page read and write
|
||
|
19815272000
|
heap
|
page read and write
|
||
|
3C22000
|
heap
|
page read and write
|
||
|
11BB000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
1001B000
|
unkown
|
page readonly
|
||
|
66B000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
357E000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3C5F000
|
heap
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
4AC0000
|
trusted library allocation
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
49BE000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
19815324000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
45C0000
|
trusted library allocation
|
page read and write
|
||
|
2E66000
|
heap
|
page read and write
|
||
|
407D000
|
stack
|
page read and write
|
||
|
32BE000
|
stack
|
page read and write
|
||
|
6AF000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
2BDD000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
2E4E000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3E10000
|
direct allocation
|
page read and write
|
||
|
2A00000
|
heap
|
page read and write
|
||
|
473D000
|
stack
|
page read and write
|
||
|
3E00000
|
trusted library allocation
|
page read and write
|
||
|
417F000
|
stack
|
page read and write
|
||
|
45C0000
|
trusted library allocation
|
page read and write
|
||
|
2F9F000
|
stack
|
page read and write
|
||
|
4890000
|
heap
|
page read and write
|
||
|
4AC0000
|
trusted library allocation
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
1001E000
|
unkown
|
page read and write
|
||
|
3822B7F000
|
stack
|
page read and write
|
||
|
3E00000
|
trusted library allocation
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
45C0000
|
trusted library allocation
|
page read and write
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
6AC000
|
stack
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
10020000
|
unkown
|
page write copy
|
||
|
1001B000
|
unkown
|
page readonly
|
||
|
4700000
|
trusted library allocation
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
4B7F000
|
stack
|
page read and write
|
||
|
4AC0000
|
trusted library allocation
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
27BE000
|
stack
|
page read and write
|
||
|
2A7E000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
2D2A000
|
heap
|
page read and write
|
||
|
19815702000
|
heap
|
page read and write
|
||
|
295F000
|
stack
|
page read and write
|
||
|
4BFF000
|
stack
|
page read and write
|
||
|
289E000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
4840000
|
trusted library allocation
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
2AF0000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3101000
|
trusted library allocation
|
page read and write
|
||
|
A1D000
|
stack
|
page read and write
|
||
|
319A000
|
heap
|
page read and write
|
||
|
19815239000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
4AC0000
|
trusted library allocation
|
page read and write
|
||
|
4AC0000
|
trusted library allocation
|
page read and write
|
||
|
2BD0000
|
trusted library allocation
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
3F7D000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3010000
|
unkown
|
page read and write
|
||
|
11AE000
|
stack
|
page read and write
|
||
|
417D000
|
stack
|
page read and write
|
||
|
2F4F000
|
stack
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
2B8E000
|
stack
|
page read and write
|
||
|
3822DFE000
|
stack
|
page read and write
|
||
|
3012000
|
unkown
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
274E000
|
stack
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
F8E000
|
stack
|
page read and write
|
||
|
4840000
|
trusted library allocation
|
page read and write
|
||
|
4200000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
4700000
|
trusted library allocation
|
page read and write
|
||
|
3013000
|
heap
|
page read and write
|
||
|
19815213000
|
unkown
|
page read and write
|
||
|
13AF000
|
stack
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
19815315000
|
trusted library allocation
|
page read and write
|
||
|
45C0000
|
trusted library allocation
|
page read and write
|
||
|
3200000
|
unkown
|
page read and write
|
||
|
4700000
|
trusted library allocation
|
page read and write
|
||
|
4700000
|
trusted library allocation
|
page read and write
|
There are 399 hidden memdumps, click here to show them.