Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fil_754f1c8f93fb6f2f4d4817606ede2c3e23ead4d_d75f6fa5_12432550-bfa0-4d6b-a8f0-14e09fe4b0ca\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fil_754f1c8f93fb6f2f4d4817606ede2c3e23ead4d_d75f6fa5_363aac94-5c49-4a35-8eee-f8e0566e9b82\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fil_754f1c8f93fb6f2f4d4817606ede2c3e23ead4d_d75f6fa5_7fea4c19-51c4-47e9-a610-0b822d6f1abb\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fil_93f177c3cfa433ab5197dcc74639e9ae9f5a3069_d75f6fa5_d56c99e7-c6a7-431f-954f-ac72c846735b\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB794.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Oct 2 15:25:32 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB802.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Oct 2 15:25:33 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB87F.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB890.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB8BF.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB8D0.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC679.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Oct 2 15:25:36 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC735.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC784.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD926.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Oct 2 15:25:41 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDAAD.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDAFD.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\file.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\file.dll,Java_com_sun_prism_d3d_D3DContext_nBlit
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",#1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 5256 -s 424
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 3836 -s 448
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\file.dll,Java_com_sun_prism_d3d_D3DContext_nBuildNativeGeometryInt
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\file.dll,Java_com_sun_prism_d3d_D3DContext_nBuildNativeGeometryShort
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 2704 -s 420
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_prism_d3d_D3DContext_nBlit
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_prism_d3d_D3DContext_nBuildNativeGeometryInt
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_prism_d3d_D3DContext_nBuildNativeGeometryShort
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_prism_d3d_D3DSwapChain_nPresent
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_prism_d3d_D3DShader_setConstantsI
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_prism_d3d_D3DShader_setConstantsF
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_prism_d3d_D3DShader_nGetRegister
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_prism_d3d_D3DShader_init
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_prism_d3d_D3DShader_enable
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_prism_d3d_D3DShader_disable
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_prism_d3d_D3DResourceFactory_nUpdateTextureI
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_prism_d3d_D3DResourceFactory_nUpdateTextureF
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_prism_d3d_D3DResourceFactory_nUpdateTextureB
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7164 -s 424
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_prism_d3d_D3DResourceFactory_nTestCooperativeLevel
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_prism_d3d_D3DResourceFactory_nResetDevice
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_prism_d3d_D3DResourceFactory_nReleaseResource
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_prism_d3d_D3DResourceFactory_nReadPixelsI
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_prism_d3d_D3DResourceFactory_nReadPixelsB
|
There are 19 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{235eb1c9-4ef4-021f-c17f-b4b1fad58c01}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{235eb1c9-4ef4-021f-c17f-b4b1fad58c01}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{235eb1c9-4ef4-021f-c17f-b4b1fad58c01}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{235eb1c9-4ef4-021f-c17f-b4b1fad58c01}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{235eb1c9-4ef4-021f-c17f-b4b1fad58c01}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{235eb1c9-4ef4-021f-c17f-b4b1fad58c01}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
OriginalFileName
|
||
|
\REGISTRY\A\{235eb1c9-4ef4-021f-c17f-b4b1fad58c01}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{235eb1c9-4ef4-021f-c17f-b4b1fad58c01}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{235eb1c9-4ef4-021f-c17f-b4b1fad58c01}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{235eb1c9-4ef4-021f-c17f-b4b1fad58c01}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{235eb1c9-4ef4-021f-c17f-b4b1fad58c01}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{235eb1c9-4ef4-021f-c17f-b4b1fad58c01}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{235eb1c9-4ef4-021f-c17f-b4b1fad58c01}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{235eb1c9-4ef4-021f-c17f-b4b1fad58c01}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{235eb1c9-4ef4-021f-c17f-b4b1fad58c01}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{235eb1c9-4ef4-021f-c17f-b4b1fad58c01}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{235eb1c9-4ef4-021f-c17f-b4b1fad58c01}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{235eb1c9-4ef4-021f-c17f-b4b1fad58c01}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{235eb1c9-4ef4-021f-c17f-b4b1fad58c01}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
\REGISTRY\A\{235eb1c9-4ef4-021f-c17f-b4b1fad58c01}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C00B8F8B0D2B
|
There are 14 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FFBBAF2C000
|
unkown
|
page readonly
|
||
|
18F5EA67000
|
heap
|
page read and write
|
||
|
1C33DE90000
|
heap
|
page read and write
|
||
|
AEA73EF000
|
stack
|
page read and write
|
||
|
1EF26580000
|
heap
|
page read and write
|
||
|
25B76FF000
|
stack
|
page read and write
|
||
|
7FFBBAF3F000
|
unkown
|
page read and write
|
||
|
1E5B2770000
|
remote allocation
|
page read and write
|
||
|
20EBFE50000
|
heap
|
page read and write
|
||
|
299FDD90000
|
heap
|
page read and write
|
||
|
7FFBBAF20000
|
unkown
|
page readonly
|
||
|
7FFBBAF40000
|
unkown
|
page readonly
|
||
|
19E67FA0000
|
heap
|
page read and write
|
||
|
7FFBBAF40000
|
unkown
|
page readonly
|
||
|
289D2BD8000
|
heap
|
page read and write
|
||
|
25B73EC000
|
stack
|
page read and write
|
||
|
29F3EF22000
|
heap
|
page read and write
|
||
|
289D2A10000
|
heap
|
page read and write
|
||
|
697207F000
|
stack
|
page read and write
|
||
|
1AD3F4C000
|
stack
|
page read and write
|
||
|
25B767F000
|
stack
|
page read and write
|
||
|
1E5B25D0000
|
heap
|
page read and write
|
||
|
4F2FFAE000
|
stack
|
page read and write
|
||
|
22C719A0000
|
heap
|
page read and write
|
||
|
20151E80000
|
remote allocation
|
page read and write
|
||
|
1F4247B0000
|
heap
|
page read and write
|
||
|
294EDEF0000
|
heap
|
page read and write
|
||
|
22C73350000
|
heap
|
page read and write
|
||
|
1C2AEE40000
|
heap
|
page read and write
|
||
|
1EF26588000
|
heap
|
page read and write
|
||
|
4F2FEAC000
|
stack
|
page read and write
|
||
|
D3326FF000
|
stack
|
page read and write
|
||
|
2902CBC0000
|
heap
|
page read and write
|
||
|
7FFBBAF21000
|
unkown
|
page execute read
|
||
|
7FFBBAF2C000
|
unkown
|
page readonly
|
||
|
17C27950000
|
heap
|
page read and write
|
||
|
22C717C8000
|
heap
|
page read and write
|
||
|
2432FE20000
|
heap
|
page read and write
|
||
|
1C80B820000
|
heap
|
page read and write
|
||
|
14B74530000
|
heap
|
page read and write
|
||
|
299FF6C0000
|
remote allocation
|
page read and write
|
||
|
247EFB40000
|
heap
|
page read and write
|
||
|
4A9227C000
|
stack
|
page read and write
|
||
|
7FFBBAF20000
|
unkown
|
page readonly
|
||
|
56ED37F000
|
stack
|
page read and write
|
||
|
201504D0000
|
heap
|
page read and write
|
||
|
7FFBBAF2C000
|
unkown
|
page readonly
|
||
|
19E67F80000
|
heap
|
page read and write
|
||
|
2432FFE0000
|
heap
|
page read and write
|
||
|
7FFBBAF40000
|
unkown
|
page readonly
|
||
|
289D2AF0000
|
heap
|
page read and write
|
||
|
D33267C000
|
stack
|
page read and write
|
||
|
7FFBBAF2C000
|
unkown
|
page readonly
|
||
|
20EC0115000
|
heap
|
page read and write
|
||
|
7FFBBAF21000
|
unkown
|
page execute read
|
||
|
201504D8000
|
heap
|
page read and write
|
||
|
23A8E7B8000
|
heap
|
page read and write
|
||
|
2902CB70000
|
heap
|
page read and write
|
||
|
7B234FF000
|
stack
|
page read and write
|
||
|
22C718C0000
|
heap
|
page read and write
|
||
|
5D9B07C000
|
stack
|
page read and write
|
||
|
994D18F000
|
stack
|
page read and write
|
||
|
7FFBBAF2C000
|
unkown
|
page readonly
|
||
|
2432FD20000
|
heap
|
page read and write
|
||
|
24331800000
|
heap
|
page read and write
|
||
|
7FFBBAF20000
|
unkown
|
page readonly
|
||
|
294EDB5F000
|
heap
|
page read and write
|
||
|
2432FFC0000
|
remote allocation
|
page read and write
|
||
|
2432FE00000
|
heap
|
page read and write
|
||
|
29F3EF0D000
|
heap
|
page read and write
|
||
|
23A8E760000
|
heap
|
page read and write
|
||
|
1E5B2800000
|
heap
|
page read and write
|
||
|
2473A100000
|
remote allocation
|
page read and write
|
||
|
247385B0000
|
heap
|
page read and write
|
||
|
19E68275000
|
heap
|
page read and write
|
||
|
24738760000
|
heap
|
page read and write
|
||
|
1F422CB0000
|
heap
|
page read and write
|
||
|
1C80B8E8000
|
heap
|
page read and write
|
||
|
7FFBBAF20000
|
unkown
|
page readonly
|
||
|
C20507C000
|
stack
|
page read and write
|
||
|
247EF9F0000
|
heap
|
page read and write
|
||
|
18F5EA40000
|
heap
|
page read and write
|
||
|
247386B0000
|
heap
|
page read and write
|
||
|
4A9237F000
|
stack
|
page read and write
|
||
|
7FFBBAF20000
|
unkown
|
page readonly
|
||
|
7FFBBAF21000
|
unkown
|
page execute read
|
||
|
6DBE38F000
|
stack
|
page read and write
|
||
|
1C80B8A0000
|
heap
|
page read and write
|
||
|
7FFBBAF20000
|
unkown
|
page readonly
|
||
|
D33277F000
|
stack
|
page read and write
|
||
|
9ABBBEF000
|
stack
|
page read and write
|
||
|
EF3A27F000
|
stack
|
page read and write
|
||
|
7FFBBAF3F000
|
unkown
|
page read and write
|
||
|
1E5B26D0000
|
heap
|
page read and write
|
||
|
2902CBB5000
|
heap
|
page read and write
|
||
|
994D47E000
|
stack
|
page read and write
|
||
|
7FFBBAF40000
|
unkown
|
page readonly
|
||
|
20150340000
|
heap
|
page read and write
|
||
|
7B2347C000
|
stack
|
page read and write
|
||
|
294EDB40000
|
heap
|
page read and write
|
||
|
247EF780000
|
heap
|
page read and write
|
||
|
289D2DD5000
|
heap
|
page read and write
|
||
|
1C2AEF38000
|
heap
|
page read and write
|
||
|
14B744C0000
|
heap
|
page read and write
|
||
|
2902CB80000
|
heap
|
page read and write
|
||
|
2432FFE5000
|
heap
|
page read and write
|
||
|
C2050FF000
|
stack
|
page read and write
|
||
|
6DBE67F000
|
stack
|
page read and write
|
||
|
7FFBBAF2C000
|
unkown
|
page readonly
|
||
|
23A8EB25000
|
heap
|
page read and write
|
||
|
1F422EF5000
|
heap
|
page read and write
|
||
|
9ABBB6F000
|
stack
|
page read and write
|
||
|
2902CC10000
|
heap
|
page read and write
|
||
|
20150420000
|
heap
|
page read and write
|
||
|
23A8EB20000
|
heap
|
page read and write
|
||
|
D4E6C7E000
|
stack
|
page read and write
|
||
|
D4E69AC000
|
stack
|
page read and write
|
||
|
299FDBA0000
|
heap
|
page read and write
|
||
|
7FFBBAF21000
|
unkown
|
page execute read
|
||
|
1C33C5F0000
|
heap
|
page read and write
|
||
|
7FFBBAF2C000
|
unkown
|
page readonly
|
||
|
7FFBBAF20000
|
unkown
|
page readonly
|
||
|
1C33C5F5000
|
heap
|
page read and write
|
||
|
2432FE48000
|
heap
|
page read and write
|
||
|
22C71A90000
|
heap
|
page read and write
|
||
|
7FFBBAF40000
|
unkown
|
page readonly
|
||
|
19E67FA8000
|
heap
|
page read and write
|
||
|
294EDEF5000
|
heap
|
page read and write
|
||
|
18D148A0000
|
heap
|
page read and write
|
||
|
1E5B24D0000
|
heap
|
page read and write
|
||
|
7FFBBAF2C000
|
unkown
|
page readonly
|
||
|
1E5B26B0000
|
heap
|
page read and write
|
||
|
7FFBBAF3F000
|
unkown
|
page read and write
|
||
|
9A2D1BF000
|
stack
|
page read and write
|
||
|
1C2AEF30000
|
heap
|
page read and write
|
||
|
7FFBBAF3F000
|
unkown
|
page read and write
|
||
|
14B74490000
|
heap
|
page read and write
|
||
|
18F5EA35000
|
heap
|
page read and write
|
||
|
3C4453F000
|
stack
|
page read and write
|
||
|
1C4567F000
|
stack
|
page read and write
|
||
|
247EF800000
|
heap
|
page read and write
|
||
|
289D2BB0000
|
remote allocation
|
page read and write
|
||
|
7FFBBAF21000
|
unkown
|
page execute read
|
||
|
1EF28040000
|
heap
|
page read and write
|
||
|
44BE31C000
|
stack
|
page read and write
|
||
|
29F3EE10000
|
heap
|
page read and write
|
||
|
299FDB80000
|
heap
|
page read and write
|
||
|
7FFBBAF40000
|
unkown
|
page readonly
|
||
|
294EDD40000
|
heap
|
page read and write
|
||
|
1C2AEE70000
|
heap
|
page read and write
|
||
|
23A8E9E0000
|
heap
|
page read and write
|
||
|
247EF808000
|
heap
|
page read and write
|
||
|
19E68270000
|
heap
|
page read and write
|
||
|
AEA72EC000
|
stack
|
page read and write
|
||
|
1F422DB0000
|
heap
|
page read and write
|
||
|
29F408A0000
|
heap
|
page read and write
|
||
|
7FFBBAF3F000
|
unkown
|
page read and write
|
||
|
7FFBBAF3F000
|
unkown
|
page read and write
|
||
|
1E5B2805000
|
heap
|
page read and write
|
||
|
BAD013C000
|
stack
|
page read and write
|
||
|
7FFBBAF21000
|
unkown
|
page execute read
|
||
|
299FDD70000
|
heap
|
page read and write
|
||
|
7FFBBAF40000
|
unkown
|
page readonly
|
||
|
17C279B8000
|
heap
|
page read and write
|
||
|
D4E6CFE000
|
stack
|
page read and write
|
||
|
D4E6D7F000
|
stack
|
page read and write
|
||
|
4C84ADC000
|
stack
|
page read and write
|
||
|
1C80B720000
|
heap
|
page read and write
|
||
|
307DEFF000
|
stack
|
page read and write
|
||
|
18D144D0000
|
heap
|
page read and write
|
||
|
1EF26680000
|
heap
|
page read and write
|
||
|
18D14520000
|
heap
|
page read and write
|
||
|
7FFBBAF3F000
|
unkown
|
page read and write
|
||
|
18D14500000
|
heap
|
page read and write
|
||
|
9A2D13F000
|
stack
|
page read and write
|
||
|
307DF7F000
|
stack
|
page read and write
|
||
|
2902CC18000
|
heap
|
page read and write
|
||
|
18F60460000
|
heap
|
page read and write
|
||
|
19E67F60000
|
heap
|
page read and write
|
||
|
24738750000
|
heap
|
page read and write
|
||
|
1C80BAD0000
|
heap
|
page read and write
|
||
|
1E5B24D8000
|
heap
|
page read and write
|
||
|
1C2AEE80000
|
heap
|
page read and write
|
||
|
7FFBBAF3F000
|
unkown
|
page read and write
|
||
|
56ED3FF000
|
stack
|
page read and write
|
||
|
7FFBBAF40000
|
unkown
|
page readonly
|
||
|
7B2357F000
|
stack
|
page read and write
|
||
|
18F5EA30000
|
heap
|
page read and write
|
||
|
14B75EE0000
|
remote allocation
|
page read and write
|
||
|
7FFBBAF21000
|
unkown
|
page execute read
|
||
|
1C80B8E0000
|
heap
|
page read and write
|
||
|
1C453AF000
|
stack
|
page read and write
|
||
|
7FFBBAF2C000
|
unkown
|
page readonly
|
||
|
6971D1C000
|
stack
|
page read and write
|
||
|
23A8E770000
|
heap
|
page read and write
|
||
|
7FFBBAF40000
|
unkown
|
page readonly
|
||
|
24738730000
|
heap
|
page read and write
|
||
|
14B744F0000
|
heap
|
page read and write
|
||
|
289D2DD0000
|
heap
|
page read and write
|
||
|
307DE7C000
|
stack
|
page read and write
|
||
|
1C33C5B0000
|
remote allocation
|
page read and write
|
||
|
7FFBBAF40000
|
unkown
|
page readonly
|
||
|
1C33C310000
|
heap
|
page read and write
|
||
|
5D9B17F000
|
stack
|
page read and write
|
||
|
1C80B800000
|
heap
|
page read and write
|
||
|
1AD3FCF000
|
stack
|
page read and write
|
||
|
299FF740000
|
heap
|
page read and write
|
||
|
9A2D0BC000
|
stack
|
page read and write
|
||
|
29F3ED30000
|
heap
|
page read and write
|
||
|
7FFBBAF2C000
|
unkown
|
page readonly
|
||
|
24738690000
|
heap
|
page read and write
|
||
|
1C33C470000
|
heap
|
page read and write
|
||
|
29F3EF1A000
|
heap
|
page read and write
|
||
|
44BE39F000
|
stack
|
page read and write
|
||
|
7FFBBAF20000
|
unkown
|
page readonly
|
||
|
7FFBBAF2C000
|
unkown
|
page readonly
|
||
|
4C84B5F000
|
stack
|
page read and write
|
||
|
7FFBBAF21000
|
unkown
|
page execute read
|
||
|
20EBFE58000
|
heap
|
page read and write
|
||
|
20150770000
|
heap
|
page read and write
|
||
|
4F2FF2E000
|
stack
|
page read and write
|
||
|
7FFBBAF2C000
|
unkown
|
page readonly
|
||
|
23A8E7B0000
|
heap
|
page read and write
|
||
|
44BE67F000
|
stack
|
page read and write
|
||
|
C20517F000
|
stack
|
page read and write
|
||
|
29F3EE40000
|
heap
|
page read and write
|
||
|
24738768000
|
heap
|
page read and write
|
||
|
22C71A95000
|
heap
|
page read and write
|
||
|
EF39FAC000
|
stack
|
page read and write
|
||
|
1F422BB0000
|
heap
|
page read and write
|
||
|
7FFBBAF40000
|
unkown
|
page readonly
|
||
|
1F422EF0000
|
heap
|
page read and write
|
||
|
18D15F20000
|
heap
|
page read and write
|
||
|
20EC1A40000
|
heap
|
page read and write
|
||
|
17C279B0000
|
heap
|
page read and write
|
||
|
7FFBBAF20000
|
unkown
|
page readonly
|
||
|
1F422D90000
|
heap
|
page read and write
|
||
|
299FDBA8000
|
heap
|
page read and write
|
||
|
1E5B4070000
|
heap
|
page read and write
|
||
|
247EF770000
|
heap
|
page read and write
|
||
|
1C33C410000
|
heap
|
page read and write
|
||
|
20EBFF50000
|
heap
|
page read and write
|
||
|
1EF26470000
|
heap
|
page read and write
|
||
|
1C2AEEF0000
|
heap
|
page read and write
|
||
|
18F5E920000
|
heap
|
page read and write
|
||
|
7FFBBAF2C000
|
unkown
|
page readonly
|
||
|
56ED2FE000
|
stack
|
page read and write
|
||
|
7FFBBAF21000
|
unkown
|
page execute read
|
||
|
7FFBBAF3F000
|
unkown
|
page read and write
|
||
|
7FFBBAF3F000
|
unkown
|
page read and write
|
||
|
29F3EF00000
|
heap
|
page read and write
|
||
|
18D148A5000
|
heap
|
page read and write
|
||
|
18D14528000
|
heap
|
page read and write
|
||
|
7FFBBAF3F000
|
unkown
|
page read and write
|
||
|
20EC0050000
|
heap
|
page read and write
|
||
|
3C445BF000
|
stack
|
page read and write
|
||
|
3C444BC000
|
stack
|
page read and write
|
||
|
247EFB45000
|
heap
|
page read and write
|
||
|
1EF26550000
|
heap
|
page read and write
|
||
|
7FFBBAF20000
|
unkown
|
page readonly
|
||
|
20150440000
|
heap
|
page read and write
|
||
|
23A8E790000
|
heap
|
page read and write
|
||
|
1C80BAD5000
|
heap
|
page read and write
|
||
|
7FFBBAF3F000
|
unkown
|
page read and write
|
||
|
7FFBBAF40000
|
unkown
|
page readonly
|
||
|
9ABBAEC000
|
stack
|
page read and write
|
||
|
294EDB57000
|
heap
|
page read and write
|
||
|
17C279A5000
|
heap
|
page read and write
|
||
|
294EDD20000
|
heap
|
page read and write
|
||
|
289D4710000
|
heap
|
page read and write
|
||
|
1EF267B0000
|
heap
|
page read and write
|
||
|
299FDF60000
|
heap
|
page read and write
|
||
|
7FFBBAF3F000
|
unkown
|
page read and write
|
||
|
7FFBBAF21000
|
unkown
|
page execute read
|
||
|
7FFBBAF20000
|
unkown
|
page readonly
|
||
|
7FFBBAF40000
|
unkown
|
page readonly
|
||
|
2902E6C0000
|
remote allocation
|
page read and write
|
||
|
22C719C0000
|
heap
|
page read and write
|
||
|
247EF7A0000
|
heap
|
page read and write
|
||
|
7FFBBAF20000
|
unkown
|
page readonly
|
||
|
7FFBBAF21000
|
unkown
|
page execute read
|
||
|
7FFBBAF21000
|
unkown
|
page execute read
|
||
|
294EF810000
|
heap
|
page read and write
|
||
|
6DBE30C000
|
stack
|
page read and write
|
||
|
1EF267B5000
|
heap
|
page read and write
|
||
|
17C27850000
|
heap
|
page read and write
|
||
|
2902E5B0000
|
heap
|
page read and write
|
||
|
299FDF65000
|
heap
|
page read and write
|
||
|
18F5EA00000
|
heap
|
page read and write
|
||
|
7FFBBAF2C000
|
unkown
|
page readonly
|
||
|
1C33C3F0000
|
heap
|
page read and write
|
||
|
18F5EA60000
|
heap
|
page read and write
|
||
|
4C84BDF000
|
stack
|
page read and write
|
||
|
7FFBBAF3F000
|
unkown
|
page read and write
|
||
|
7FFBBAF40000
|
unkown
|
page readonly
|
||
|
7FFBBAF2C000
|
unkown
|
page readonly
|
||
|
6971D9F000
|
stack
|
page read and write
|
||
|
14B744A0000
|
heap
|
page read and write
|
||
|
18D144E0000
|
heap
|
page read and write
|
||
|
56ED27C000
|
stack
|
page read and write
|
||
|
7FFBBAF21000
|
unkown
|
page execute read
|
||
|
19E67E80000
|
heap
|
page read and write
|
||
|
2432FE40000
|
heap
|
page read and write
|
||
|
1AD427F000
|
stack
|
page read and write
|
||
|
7FFBBAF21000
|
unkown
|
page execute read
|
||
|
7FFBBAF20000
|
unkown
|
page readonly
|
||
|
7FFBBAF20000
|
unkown
|
page readonly
|
||
|
EF3A2FF000
|
stack
|
page read and write
|
||
|
4A922FF000
|
stack
|
page read and write
|
||
|
2902CBB0000
|
heap
|
page read and write
|
||
|
289D2B10000
|
heap
|
page read and write
|
||
|
1C2AED60000
|
heap
|
page read and write
|
||
|
7FFBBAF2C000
|
unkown
|
page readonly
|
||
|
AEA736F000
|
stack
|
page read and write
|
||
|
17C27930000
|
heap
|
page read and write
|
||
|
1EF26710000
|
remote allocation
|
page read and write
|
||
|
7FFBBAF40000
|
unkown
|
page readonly
|
||
|
17C279A0000
|
heap
|
page read and write
|
||
|
1C4532C000
|
stack
|
page read and write
|
||
|
7FFBBAF20000
|
unkown
|
page readonly
|
||
|
1C2AEE75000
|
heap
|
page read and write
|
||
|
5D9B0FF000
|
stack
|
page read and write
|
||
|
1C33C478000
|
heap
|
page read and write
|
||
|
7FFBBAF3F000
|
unkown
|
page read and write
|
||
|
7FFBBAF21000
|
unkown
|
page execute read
|
||
|
7FFBBAF40000
|
unkown
|
page readonly
|
||
|
294EDB50000
|
heap
|
page read and write
|
||
|
1F422BB8000
|
heap
|
page read and write
|
||
|
7FFBBAF40000
|
unkown
|
page readonly
|
||
|
20150775000
|
heap
|
page read and write
|
||
|
7FFBBAF3F000
|
unkown
|
page read and write
|
||
|
7FFBBAF20000
|
unkown
|
page readonly
|
||
|
24738735000
|
heap
|
page read and write
|
||
|
17C29330000
|
heap
|
page read and write
|
||
|
7FFBBAF21000
|
unkown
|
page execute read
|
||
|
20EC0110000
|
heap
|
page read and write
|
||
|
14B74538000
|
heap
|
page read and write
|
||
|
289D2BD0000
|
heap
|
page read and write
|
||
|
7FFBBAF3F000
|
unkown
|
page read and write
|
||
|
19E69A60000
|
heap
|
page read and write
|
||
|
20151F80000
|
heap
|
page read and write
|
||
|
7FFBBAF2C000
|
unkown
|
page readonly
|
||
|
14B75F70000
|
heap
|
page read and write
|
||
|
14B744F5000
|
heap
|
page read and write
|
||
|
20EC0030000
|
heap
|
page read and write
|
||
|
7FFBBAF20000
|
unkown
|
page readonly
|
||
|
22C717C0000
|
heap
|
page read and write
|
||
|
7FFBBAF21000
|
unkown
|
page execute read
|
||
|
994D10C000
|
stack
|
page read and write
|
There are 339 hidden memdumps, click here to show them.