Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fil_5e1564abb16a4e5fdbf1dd3889df2dc84973c50_d75f6fa5_c7f62a21-e493-4b12-b64a-b464a8ac5a5d\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fil_8c0c112fa52e9e255c09b8b22c5fbf32e1b4ee_d75f6fa5_361d8f20-ddfd-47f4-82a3-a96decf93460\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fil_aaf2aa7bbb9b37f79b9c410447131c297ce8878_d75f6fa5_6857f1e5-d3c3-4fcb-8393-08a142d21b50\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fil_aaf2aa7bbb9b37f79b9c410447131c297ce8878_d75f6fa5_cdadf65e-d1c7-4cc6-91c4-32817610f41f\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER12AF.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Oct 2 16:42:27 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER12CE.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Oct 2 16:42:27 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER132C.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Oct 2 16:42:27 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER13E8.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER13F8.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1437.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1456.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1465.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER14D3.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF822.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Oct 2 16:42:20 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF890.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF8C0.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\file.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\file.dll,Java_com_sun_media_sound_DirectAudioDeviceProvider_nGetNumDevices
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",#1
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\file.dll,Java_com_sun_media_sound_DirectAudioDeviceProvider_nNewDirectAudioDeviceInfo
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7528 -s 428
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\file.dll,Java_com_sun_media_sound_DirectAudioDevice_nAvailable
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_DirectAudioDeviceProvider_nGetNumDevices
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_DirectAudioDeviceProvider_nNewDirectAudioDeviceInfo
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_DirectAudioDevice_nAvailable
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_DirectAudioDevice_nWrite
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_DirectAudioDevice_nStop
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_DirectAudioDevice_nStart
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_DirectAudioDevice_nSetBytePosition
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_DirectAudioDevice_nService
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_DirectAudioDevice_nRequiresServicing
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_DirectAudioDevice_nRead
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_DirectAudioDevice_nOpen
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_DirectAudioDevice_nIsStillDraining
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_DirectAudioDevice_nGetFormats
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_DirectAudioDevice_nGetBytePosition
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_DirectAudioDevice_nGetBufferSize
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_DirectAudioDevice_nFlush
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",Java_com_sun_media_sound_DirectAudioDevice_nClose
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7912 -s 424
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7796 -s 424
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7948 -s 424
|
There are 18 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{ec38a17b-76c3-9898-b620-5bc7e3472a4e}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{ec38a17b-76c3-9898-b620-5bc7e3472a4e}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{ec38a17b-76c3-9898-b620-5bc7e3472a4e}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{ec38a17b-76c3-9898-b620-5bc7e3472a4e}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{ec38a17b-76c3-9898-b620-5bc7e3472a4e}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{ec38a17b-76c3-9898-b620-5bc7e3472a4e}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
OriginalFileName
|
||
|
\REGISTRY\A\{ec38a17b-76c3-9898-b620-5bc7e3472a4e}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{ec38a17b-76c3-9898-b620-5bc7e3472a4e}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{ec38a17b-76c3-9898-b620-5bc7e3472a4e}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{ec38a17b-76c3-9898-b620-5bc7e3472a4e}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{ec38a17b-76c3-9898-b620-5bc7e3472a4e}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{ec38a17b-76c3-9898-b620-5bc7e3472a4e}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{ec38a17b-76c3-9898-b620-5bc7e3472a4e}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{ec38a17b-76c3-9898-b620-5bc7e3472a4e}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{ec38a17b-76c3-9898-b620-5bc7e3472a4e}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{ec38a17b-76c3-9898-b620-5bc7e3472a4e}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{ec38a17b-76c3-9898-b620-5bc7e3472a4e}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{ec38a17b-76c3-9898-b620-5bc7e3472a4e}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{ec38a17b-76c3-9898-b620-5bc7e3472a4e}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
\REGISTRY\A\{ec38a17b-76c3-9898-b620-5bc7e3472a4e}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Usn
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1CAEB5C0000
|
heap
|
page read and write
|
||
|
2122E420000
|
heap
|
page read and write
|
||
|
2122E492000
|
heap
|
page read and write
|
||
|
1FD24E00000
|
heap
|
page read and write
|
||
|
7C79EFF000
|
stack
|
page read and write
|
||
|
2262B110000
|
heap
|
page read and write
|
||
|
24776CE5000
|
heap
|
page read and write
|
||
|
E416A9C000
|
stack
|
page read and write
|
||
|
F12654C000
|
stack
|
page read and write
|
||
|
1ED9FB30000
|
heap
|
page read and write
|
||
|
7FFE148E8000
|
unkown
|
page read and write
|
||
|
21C78620000
|
heap
|
page read and write
|
||
|
7FFE148EA000
|
unkown
|
page readonly
|
||
|
69C887C000
|
stack
|
page read and write
|
||
|
2984D840000
|
heap
|
page read and write
|
||
|
198CEFD000
|
stack
|
page read and write
|
||
|
7FFE148E8000
|
unkown
|
page read and write
|
||
|
8EA047D000
|
stack
|
page read and write
|
||
|
1AA3BDE0000
|
heap
|
page read and write
|
||
|
4722A7F000
|
stack
|
page read and write
|
||
|
25025755000
|
heap
|
page read and write
|
||
|
2262B3D0000
|
heap
|
page read and write
|
||
|
1ED9FB3E000
|
heap
|
page read and write
|
||
|
23EF8C85000
|
heap
|
page read and write
|
||
|
1EFA2810000
|
heap
|
page read and write
|
||
|
90D212C000
|
stack
|
page read and write
|
||
|
21C787C0000
|
heap
|
page read and write
|
||
|
DD0967F000
|
stack
|
page read and write
|
||
|
1AA3BC18000
|
heap
|
page read and write
|
||
|
7FFE148E1000
|
unkown
|
page execute read
|
||
|
1A745510000
|
heap
|
page read and write
|
||
|
7FFE148E0000
|
unkown
|
page readonly
|
||
|
25025940000
|
heap
|
page read and write
|
||
|
1A745515000
|
heap
|
page read and write
|
||
|
1ED9FB39000
|
heap
|
page read and write
|
||
|
22D95F10000
|
heap
|
page read and write
|
||
|
1A745388000
|
heap
|
page read and write
|
||
|
7C79FFD000
|
stack
|
page read and write
|
||
|
1EFA2550000
|
heap
|
page read and write
|
||
|
23EF8E50000
|
heap
|
page read and write
|
||
|
1CAEB6C0000
|
heap
|
page read and write
|
||
|
34A5CFD000
|
stack
|
page read and write
|
||
|
1A5ACB60000
|
heap
|
page read and write
|
||
|
1CAEB975000
|
heap
|
page read and write
|
||
|
21C7A400000
|
heap
|
page read and write
|
||
|
B57A08C000
|
stack
|
page read and write
|
||
|
7FFE148EA000
|
unkown
|
page readonly
|
||
|
7C79E7C000
|
stack
|
page read and write
|
||
|
2262B330000
|
heap
|
page read and write
|
||
|
7FFE148EA000
|
unkown
|
page readonly
|
||
|
198CE7F000
|
stack
|
page read and write
|
||
|
7FFE148EA000
|
unkown
|
page readonly
|
||
|
21C78AA5000
|
heap
|
page read and write
|
||
|
7FFE148E6000
|
unkown
|
page readonly
|
||
|
1A745670000
|
heap
|
page read and write
|
||
|
2262AF60000
|
heap
|
page read and write
|
||
|
1CAEB5E0000
|
heap
|
page read and write
|
||
|
1ED9F9B0000
|
heap
|
page read and write
|
||
|
1A021C40000
|
heap
|
page read and write
|
||
|
2122E494000
|
heap
|
page read and write
|
||
|
1A5ACC75000
|
heap
|
page read and write
|
||
|
2262B250000
|
heap
|
page read and write
|
||
|
B57A18D000
|
stack
|
page read and write
|
||
|
7FFE148E8000
|
unkown
|
page read and write
|
||
|
24776CA0000
|
heap
|
page read and write
|
||
|
175F6150000
|
heap
|
page read and write
|
||
|
2984D748000
|
heap
|
page read and write
|
||
|
2121DA10000
|
heap
|
page read and write
|
||
|
2122E380000
|
heap
|
page read and write
|
||
|
BDF877E000
|
stack
|
page read and write
|
||
|
22D95F80000
|
heap
|
page read and write
|
||
|
7C9CFFD000
|
stack
|
page read and write
|
||
|
22D96190000
|
heap
|
page read and write
|
||
|
F1268FF000
|
stack
|
page read and write
|
||
|
91195BC000
|
stack
|
page read and write
|
||
|
FF29EFD000
|
stack
|
page read and write
|
||
|
23EF8BE0000
|
heap
|
page read and write
|
||
|
1ED9FA90000
|
heap
|
page read and write
|
||
|
2121DB78000
|
heap
|
page read and write
|
||
|
1A021D20000
|
heap
|
page read and write
|
||
|
22D961D0000
|
remote allocation
|
page read and write
|
||
|
175F6240000
|
heap
|
page read and write
|
||
|
2122E440000
|
heap
|
page read and write
|
||
|
27D4F7F000
|
stack
|
page read and write
|
||
|
34A5C7F000
|
stack
|
page read and write
|
||
|
7FFE148E6000
|
unkown
|
page readonly
|
||
|
2262B040000
|
heap
|
page read and write
|
||
|
1A5ACE30000
|
heap
|
page read and write
|
||
|
325153C000
|
stack
|
page read and write
|
||
|
7FFE148E1000
|
unkown
|
page execute read
|
||
|
1A023680000
|
heap
|
page read and write
|
||
|
2122E446000
|
heap
|
page read and write
|
||
|
24776DA7000
|
heap
|
page read and write
|
||
|
24776D9F000
|
heap
|
page read and write
|
||
|
7C9CEFE000
|
stack
|
page read and write
|
||
|
1FD24E25000
|
heap
|
page read and write
|
||
|
1EB03470000
|
heap
|
page read and write
|
||
|
1A021B40000
|
heap
|
page read and write
|
||
|
1A021E20000
|
heap
|
page read and write
|
||
|
23264D70000
|
heap
|
page read and write
|
||
|
24776CE0000
|
heap
|
page read and write
|
||
|
1FD24D00000
|
heap
|
page read and write
|
||
|
E416E7D000
|
stack
|
page read and write
|
||
|
69C88FF000
|
stack
|
page read and write
|
||
|
2122E427000
|
heap
|
page read and write
|
||
|
23EF8C80000
|
heap
|
page read and write
|
||
|
C99F97F000
|
stack
|
page read and write
|
||
|
7FFE148E6000
|
unkown
|
page readonly
|
||
|
7FFE148E8000
|
unkown
|
page read and write
|
||
|
1AA3BF40000
|
heap
|
page read and write
|
||
|
2121F620000
|
heap
|
page read and write
|
||
|
21558F60000
|
heap
|
page read and write
|
||
|
983617F000
|
stack
|
page read and write
|
||
|
1FD24E20000
|
heap
|
page read and write
|
||
|
C99F87C000
|
stack
|
page read and write
|
||
|
2122E2A0000
|
heap
|
page read and write
|
||
|
7C79F7F000
|
stack
|
page read and write
|
||
|
27982AD0000
|
heap
|
page read and write
|
||
|
1FD24E68000
|
heap
|
page read and write
|
||
|
7FFE148E0000
|
unkown
|
page readonly
|
||
|
24776DFB000
|
heap
|
page read and write
|
||
|
2984D710000
|
heap
|
page read and write
|
||
|
175F6245000
|
heap
|
page read and write
|
||
|
BDF87FD000
|
stack
|
page read and write
|
||
|
23EFA790000
|
heap
|
page read and write
|
||
|
1A745360000
|
heap
|
page read and write
|
||
|
23264CD0000
|
heap
|
page read and write
|
||
|
7FFE148E1000
|
unkown
|
page execute read
|
||
|
1EFA2580000
|
heap
|
page read and write
|
||
|
CC009BE000
|
stack
|
page read and write
|
||
|
7FFE148E0000
|
unkown
|
page readonly
|
||
|
1ED9FDE0000
|
heap
|
page read and write
|
||
|
7FFE148E8000
|
unkown
|
page read and write
|
||
|
E416B9F000
|
stack
|
page read and write
|
||
|
7FFE148EA000
|
unkown
|
page readonly
|
||
|
7FFE148E1000
|
unkown
|
page execute read
|
||
|
2121DD70000
|
heap
|
page read and write
|
||
|
8EA010D000
|
stack
|
page read and write
|
||
|
215575B5000
|
heap
|
page read and write
|
||
|
21C78720000
|
heap
|
page read and write
|
||
|
1A021E25000
|
heap
|
page read and write
|
||
|
175F6220000
|
heap
|
page read and write
|
||
|
27982D70000
|
remote allocation
|
page read and write
|
||
|
23EF8CB8000
|
heap
|
page read and write
|
||
|
1A021D40000
|
heap
|
page read and write
|
||
|
69C897D000
|
stack
|
page read and write
|
||
|
175F5E80000
|
heap
|
page read and write
|
||
|
1AA3BEB0000
|
remote allocation
|
page read and write
|
||
|
1A745280000
|
heap
|
page read and write
|
||
|
1A5AE4F0000
|
heap
|
page read and write
|
||
|
CAE2C8C000
|
stack
|
page read and write
|
||
|
1CAEB4E0000
|
heap
|
page read and write
|
||
|
2122E3E0000
|
heap
|
page read and write
|
||
|
27D4FFD000
|
stack
|
page read and write
|
||
|
1AA3BEF0000
|
heap
|
page read and write
|
||
|
FF29DFE000
|
stack
|
page read and write
|
||
|
CC00CFD000
|
stack
|
page read and write
|
||
|
7C9CE7C000
|
stack
|
page read and write
|
||
|
8EA018E000
|
stack
|
page read and write
|
||
|
1CAED160000
|
heap
|
page read and write
|
||
|
DD0939C000
|
stack
|
page read and write
|
||
|
23264D10000
|
heap
|
page read and write
|
||
|
1EFA2608000
|
heap
|
page read and write
|
||
|
2121DD75000
|
heap
|
page read and write
|
||
|
7FFE148E6000
|
unkown
|
page readonly
|
||
|
34A59CC000
|
stack
|
page read and write
|
||
|
215572FB000
|
heap
|
page read and write
|
||
|
22D95F20000
|
heap
|
page read and write
|
||
|
1EB03740000
|
heap
|
page read and write
|
||
|
27982B30000
|
heap
|
page read and write
|
||
|
1EFA2560000
|
heap
|
page read and write
|
||
|
7FFE148E8000
|
unkown
|
page read and write
|
||
|
1EB034A8000
|
heap
|
page read and write
|
||
|
22D96290000
|
heap
|
page read and write
|
||
|
983607B000
|
stack
|
page read and write
|
||
|
472273C000
|
stack
|
page read and write
|
||
|
2121DAF0000
|
heap
|
page read and write
|
||
|
1EB034A0000
|
heap
|
page read and write
|
||
|
24776D88000
|
heap
|
page read and write
|
||
|
24776E90000
|
trusted library allocation
|
page read and write
|
||
|
23264AF0000
|
heap
|
page read and write
|
||
|
198CF7F000
|
stack
|
page read and write
|
||
|
911997D000
|
stack
|
page read and write
|
||
|
7FFE148E8000
|
unkown
|
page read and write
|
||
|
1A745380000
|
heap
|
page read and write
|
||
|
24776BC0000
|
heap
|
page read and write
|
||
|
2122E492000
|
heap
|
page read and write
|
||
|
1EB03670000
|
heap
|
page read and write
|
||
|
7FFE148E8000
|
unkown
|
page read and write
|
||
|
7FFE148EA000
|
unkown
|
page readonly
|
||
|
98361FD000
|
stack
|
page read and write
|
||
|
7FFE148E6000
|
unkown
|
page readonly
|
||
|
21557200000
|
heap
|
page read and write
|
||
|
1AA3BC10000
|
heap
|
page read and write
|
||
|
325187E000
|
stack
|
page read and write
|
||
|
23EF8DB0000
|
remote allocation
|
page read and write
|
||
|
23EF8B00000
|
heap
|
page read and write
|
||
|
2122E3E5000
|
heap
|
page read and write
|
||
|
1FD24DE0000
|
heap
|
page read and write
|
||
|
23266670000
|
heap
|
page read and write
|
||
|
24776DA2000
|
heap
|
page read and write
|
||
|
1A5AC980000
|
heap
|
page read and write
|
||
|
6DE0FE000
|
stack
|
page read and write
|
||
|
21C78980000
|
heap
|
page read and write
|
||
|
7FFE148E1000
|
unkown
|
page execute read
|
||
|
7FFE148E0000
|
unkown
|
page readonly
|
||
|
2121DB70000
|
heap
|
page read and write
|
||
|
2121DCE0000
|
heap
|
page read and write
|
||
|
22D95F88000
|
heap
|
page read and write
|
||
|
90D21AF000
|
stack
|
page read and write
|
||
|
1A5ACB80000
|
heap
|
page read and write
|
||
|
1A021DA0000
|
heap
|
page read and write
|
||
|
1EFA28E5000
|
heap
|
page read and write
|
||
|
8EA008B000
|
stack
|
page read and write
|
||
|
21557470000
|
remote allocation
|
page read and write
|
||
|
91198FE000
|
stack
|
page read and write
|
||
|
98360FF000
|
stack
|
page read and write
|
||
|
2122E49E000
|
heap
|
page read and write
|
||
|
69C89FF000
|
stack
|
page read and write
|
||
|
22D96295000
|
heap
|
page read and write
|
||
|
FF2992C000
|
stack
|
page read and write
|
||
|
2122E441000
|
heap
|
page read and write
|
||
|
27D4E7C000
|
stack
|
page read and write
|
||
|
CC0093C000
|
stack
|
page read and write
|
||
|
21557230000
|
heap
|
page read and write
|
||
|
4722AFD000
|
stack
|
page read and write
|
||
|
215572A5000
|
heap
|
page read and write
|
||
|
23264D00000
|
heap
|
page read and write
|
||
|
25025460000
|
heap
|
page read and write
|
||
|
27D4EFF000
|
stack
|
page read and write
|
||
|
23EF8C00000
|
heap
|
page read and write
|
||
|
6DE07C000
|
stack
|
page read and write
|
||
|
215575B0000
|
heap
|
page read and write
|
||
|
22D961C0000
|
heap
|
page read and write
|
||
|
2122E3A0000
|
heap
|
page read and write
|
||
|
21C78700000
|
heap
|
page read and write
|
||
|
2984F360000
|
heap
|
page read and write
|
||
|
25025580000
|
heap
|
page read and write
|
||
|
2122FE10000
|
trusted library allocation
|
page read and write
|
||
|
25025560000
|
heap
|
page read and write
|
||
|
2984D9E0000
|
heap
|
page read and write
|
||
|
215572F1000
|
heap
|
page read and write
|
||
|
1AA3BF45000
|
heap
|
page read and write
|
||
|
DD0977D000
|
stack
|
page read and write
|
||
|
C99F8FE000
|
stack
|
page read and write
|
||
|
2122E492000
|
heap
|
page read and write
|
||
|
32515BF000
|
stack
|
page read and write
|
||
|
7FFE148E1000
|
unkown
|
page execute read
|
||
|
23EF8CB0000
|
heap
|
page read and write
|
||
|
25027010000
|
heap
|
page read and write
|
||
|
24776D80000
|
heap
|
page read and write
|
||
|
21557210000
|
heap
|
page read and write
|
||
|
47227BF000
|
stack
|
page read and write
|
||
|
FF29CFE000
|
stack
|
page read and write
|
||
|
175F5F80000
|
heap
|
page read and write
|
||
|
21557280000
|
heap
|
page read and write
|
||
|
1EB036B0000
|
heap
|
page read and write
|
||
|
2122E49B000
|
heap
|
page read and write
|
||
|
1A021B48000
|
heap
|
page read and write
|
||
|
27982AF0000
|
heap
|
page read and write
|
||
|
B57A10F000
|
stack
|
page read and write
|
||
|
21557770000
|
heap
|
page read and write
|
||
|
7FFE148E6000
|
unkown
|
page readonly
|
||
|
23264B0D000
|
heap
|
page read and write
|
||
|
1FD24E60000
|
heap
|
page read and write
|
||
|
1CAEB610000
|
heap
|
page read and write
|
||
|
1A7455E0000
|
heap
|
page read and write
|
||
|
7FFE148E0000
|
unkown
|
page readonly
|
||
|
2155728E000
|
heap
|
page read and write
|
||
|
175F5FD0000
|
heap
|
page read and write
|
||
|
7FFE148E1000
|
unkown
|
page execute read
|
||
|
2122E446000
|
heap
|
page read and write
|
||
|
1EDA16D0000
|
heap
|
page read and write
|
||
|
1ED9FDE5000
|
heap
|
page read and write
|
||
|
1EFA2600000
|
heap
|
page read and write
|
||
|
2984D740000
|
heap
|
page read and write
|
||
|
7C9CF7D000
|
stack
|
page read and write
|
||
|
22D95F40000
|
heap
|
page read and write
|
||
|
1AA3BC00000
|
heap
|
page read and write
|
||
|
1A745480000
|
heap
|
page read and write
|
||
|
BDF86FF000
|
stack
|
page read and write
|
||
|
7FFE148EA000
|
unkown
|
page readonly
|
||
|
21C78AA0000
|
heap
|
page read and write
|
||
|
1FD24E40000
|
heap
|
page read and write
|
||
|
2262B118000
|
heap
|
page read and write
|
||
|
1EFA2A50000
|
heap
|
page read and write
|
||
|
2122FE20000
|
heap
|
page read and write
|
||
|
C99F9FD000
|
stack
|
page read and write
|
||
|
CC00C7F000
|
stack
|
page read and write
|
||
|
F1265CF000
|
stack
|
page read and write
|
||
|
25025587000
|
heap
|
page read and write
|
||
|
24778830000
|
heap
|
page read and write
|
||
|
2262B3D5000
|
heap
|
page read and write
|
||
|
23264B00000
|
heap
|
page read and write
|
||
|
1ED9FCA0000
|
heap
|
page read and write
|
||
|
23264B18000
|
heap
|
page read and write
|
||
|
7FFE148E1000
|
unkown
|
page execute read
|
||
|
2262B060000
|
heap
|
page read and write
|
||
|
7FFE148E8000
|
unkown
|
page read and write
|
||
|
24776DF3000
|
heap
|
page read and write
|
||
|
911987D000
|
stack
|
page read and write
|
||
|
2984D885000
|
heap
|
page read and write
|
||
|
1FD268F0000
|
heap
|
page read and write
|
||
|
2121DB10000
|
heap
|
page read and write
|
||
|
1A5ACA80000
|
heap
|
page read and write
|
||
|
7FFE148EA000
|
unkown
|
page readonly
|
||
|
7FFE148E0000
|
unkown
|
page readonly
|
||
|
24776DFB000
|
heap
|
page read and write
|
||
|
BDF867B000
|
stack
|
page read and write
|
||
|
7FFE148E6000
|
unkown
|
page readonly
|
||
|
2984D630000
|
heap
|
page read and write
|
||
|
21557750000
|
trusted library allocation
|
page read and write
|
||
|
21557288000
|
heap
|
page read and write
|
||
|
7FFE148E6000
|
unkown
|
page readonly
|
||
|
27982B48000
|
heap
|
page read and write
|
||
|
27984780000
|
heap
|
page read and write
|
||
|
27982B35000
|
heap
|
page read and write
|
||
|
27982E20000
|
heap
|
page read and write
|
||
|
1EB036B5000
|
heap
|
page read and write
|
||
|
175F5FD8000
|
heap
|
page read and write
|
||
|
175F5F60000
|
heap
|
page read and write
|
||
|
27982AC0000
|
heap
|
page read and write
|
||
|
1AA3BE80000
|
heap
|
page read and write
|
||
|
2984D880000
|
heap
|
page read and write
|
||
|
1EFA28E0000
|
heap
|
page read and write
|
||
|
2122E3D0000
|
heap
|
page read and write
|
||
|
1EB03770000
|
heap
|
page read and write
|
||
|
1AA3BE00000
|
heap
|
page read and write
|
||
|
215572F1000
|
heap
|
page read and write
|
||
|
24776D9F000
|
heap
|
page read and write
|
||
|
1ED9FAB0000
|
heap
|
page read and write
|
||
|
24776DF3000
|
heap
|
page read and write
|
||
|
24776F50000
|
heap
|
page read and write
|
||
|
1A5ACC70000
|
heap
|
page read and write
|
||
|
7FFE148E6000
|
unkown
|
page readonly
|
||
|
1A5AC988000
|
heap
|
page read and write
|
||
|
21C787C8000
|
heap
|
page read and write
|
||
|
7FFE148E1000
|
unkown
|
page execute read
|
||
|
2122E494000
|
heap
|
page read and write
|
||
|
2122E49D000
|
heap
|
page read and write
|
||
|
215572A0000
|
heap
|
page read and write
|
||
|
E416B1F000
|
stack
|
page read and write
|
||
|
7FFE148E0000
|
unkown
|
page readonly
|
||
|
25025540000
|
heap
|
page read and write
|
||
|
24776DA7000
|
heap
|
page read and write
|
||
|
23264D05000
|
heap
|
page read and write
|
||
|
7FFE148E0000
|
unkown
|
page readonly
|
||
|
7FFE148EA000
|
unkown
|
page readonly
|
||
|
21C788C0000
|
remote allocation
|
page read and write
|
||
|
34A5D7F000
|
stack
|
page read and write
|
||
|
1CAEB970000
|
heap
|
page read and write
|
||
|
27982B40000
|
heap
|
page read and write
|
||
|
F12687D000
|
stack
|
page read and write
|
||
|
198CB9C000
|
stack
|
page read and write
|
||
|
7FFE148E0000
|
unkown
|
page readonly
|
||
|
25025750000
|
heap
|
page read and write
|
||
|
DD096FE000
|
stack
|
page read and write
|
||
|
1CAEB6C8000
|
heap
|
page read and write
|
||
|
1EB03460000
|
heap
|
page read and write
|
||
|
24776CC0000
|
heap
|
page read and write
|
||
|
215572FC000
|
heap
|
page read and write
|
There are 351 hidden memdumps, click here to show them.