IOC Report
AIDE.dll

Files

File Path
Type
Category
Malicious
AIDE.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
initial sample
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_8bc36d909c559b6ea338ed316faee572ae62d6a0_7522e4b5_13970ce5-8fc5-44eb-a970-7b6994934808\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_8bc36d909c559b6ea338ed316faee572ae62d6a0_7522e4b5_d9901553-cb92-4cd7-a298-84b8ea445ca5\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_c42f13f4915a1555add63cb2a13088f4185d657b_7522e4b5_f8213d4f-3c7c-4f65-bd90-7e201c868190\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_c8996f612b49173415ae526f81d4acc39bc15c_7522e4b5_16e32c9f-8e31-43f7-b680-d5906805550a\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE504.tmp.dmp
Mini DuMP crash report, 14 streams, Thu Oct 24 19:45:27 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE514.tmp.dmp
Mini DuMP crash report, 14 streams, Thu Oct 24 19:45:27 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE5F0.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE60F.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE63F.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE64F.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREF45.tmp.dmp
Mini DuMP crash report, 14 streams, Thu Oct 24 19:45:30 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREFA4.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREFD4.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFB0D.tmp.dmp
Mini DuMP crash report, 14 streams, Thu Oct 24 19:45:33 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFB8B.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFBBB.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped
C:\Windows\appcompat\Programs\Amcache.hve.tmp
MS Windows registry file, NT/2000 or above
dropped
C:\Windows\appcompat\Programs\Amcache.hve.tmp.LOG1
MS Windows registry file, NT/2000 or above
dropped
C:\Windows\appcompat\Programs\Amcache.hve.tmp.LOG2
MS Windows registry file, NT/2000 or above
dropped

Processes

Path
Cmdline
Malicious
C:\Windows\System32\loaddll32.exe
loaddll32.exe "C:\Users\user\Desktop\AIDE.dll"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\AIDE.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\user\Desktop\AIDE.dll,??0AIDEDimension@AIDE@@QAE@II@Z
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\AIDE.dll",#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 568
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 604
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\user\Desktop\AIDE.dll,??0AIDEDimension@AIDE@@QAE@XZ
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 624
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\user\Desktop\AIDE.dll,??0AIDEFormatType@AIDE@@QAE@H@Z
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 632
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\AIDE.dll",??0AIDEDimension@AIDE@@QAE@II@Z
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\AIDE.dll",??0AIDEDimension@AIDE@@QAE@XZ
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\AIDE.dll",??0AIDEFormatType@AIDE@@QAE@H@Z
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\AIDE.dll",AIDEWritePrivateChunk
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\AIDE.dll",AIDEWebPEncodeOptionsSetImageQuality
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\AIDE.dll",AIDEWebPEncodeOptionsSetCompressionType
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\AIDE.dll",AIDETiffEncodeOptionsSetTileSize
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\AIDE.dll",AIDETiffEncodeOptionsSetPyramidParamsCustomLayers
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\AIDE.dll",AIDETiffEncodeOptionsSetPyramidParams
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\AIDE.dll",AIDETiffEncodeOptionsSetCustomEncodeParams
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\AIDE.dll",AIDETiffEncodeOptionsSetCompressionScheme
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\AIDE.dll",AIDETiffEncodeOptionsDiableLayer
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\AIDE.dll",AIDERawEncodeOptionsSetBlurMethod
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\AIDE.dll",AIDEPngEncodeOptionsSetPalettizationTechnique
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\AIDE.dll",AIDEPngEncodeOptionsSetPHYChunk
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\AIDE.dll",AIDEPngEncodeOptionsSetInterlaced
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\AIDE.dll",AIDEPngEncodeOptionsSetForcedPaletteCreation
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\AIDE.dll",AIDEPngEncodeOptionsSetFilterType
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\AIDE.dll",AIDEPngEncodeOptionsSetCompressionLevel
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\AIDE.dll",AIDEPngEncodeOptionsSetAttemptPaletteCreation

URLs

Name
IP
Malicious
http://upx.sf.net
unknown

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\{11517B7C-E79D-4e20-961B-75A811715ADD}
CreatingCommand
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\{11517B7C-E79D-4e20-961B-75A811715ADD}
CreatingModule
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
AmiHivePermissionsCorrect
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
AmiHiveOwnerCorrect
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
AmiOverridePath
\REGISTRY\A\{c8237c92-57ac-2c9e-e904-3434af0d20bf}\Root\InventoryApplicationFile
ProviderSyncId
\REGISTRY\A\{c8237c92-57ac-2c9e-e904-3434af0d20bf}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
ProgramId
\REGISTRY\A\{c8237c92-57ac-2c9e-e904-3434af0d20bf}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
FileId
\REGISTRY\A\{c8237c92-57ac-2c9e-e904-3434af0d20bf}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
LowerCaseLongPath
\REGISTRY\A\{c8237c92-57ac-2c9e-e904-3434af0d20bf}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
LongPathHash
\REGISTRY\A\{c8237c92-57ac-2c9e-e904-3434af0d20bf}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
Name
\REGISTRY\A\{c8237c92-57ac-2c9e-e904-3434af0d20bf}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
OriginalFileName
\REGISTRY\A\{c8237c92-57ac-2c9e-e904-3434af0d20bf}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
Publisher
\REGISTRY\A\{c8237c92-57ac-2c9e-e904-3434af0d20bf}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
Version
\REGISTRY\A\{c8237c92-57ac-2c9e-e904-3434af0d20bf}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
BinFileVersion
\REGISTRY\A\{c8237c92-57ac-2c9e-e904-3434af0d20bf}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
BinaryType
\REGISTRY\A\{c8237c92-57ac-2c9e-e904-3434af0d20bf}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
ProductName
\REGISTRY\A\{c8237c92-57ac-2c9e-e904-3434af0d20bf}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
ProductVersion
\REGISTRY\A\{c8237c92-57ac-2c9e-e904-3434af0d20bf}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
LinkDate
\REGISTRY\A\{c8237c92-57ac-2c9e-e904-3434af0d20bf}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
BinProductVersion
\REGISTRY\A\{c8237c92-57ac-2c9e-e904-3434af0d20bf}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
AppxPackageFullName
\REGISTRY\A\{c8237c92-57ac-2c9e-e904-3434af0d20bf}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
AppxPackageRelativeId
\REGISTRY\A\{c8237c92-57ac-2c9e-e904-3434af0d20bf}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
Size
\REGISTRY\A\{c8237c92-57ac-2c9e-e904-3434af0d20bf}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
Language
\REGISTRY\A\{c8237c92-57ac-2c9e-e904-3434af0d20bf}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
IsOsComponent
\REGISTRY\A\{c8237c92-57ac-2c9e-e904-3434af0d20bf}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
Usn
\REGISTRY\A\{1e68bae4-8133-7fd8-fadd-f521f2f5a168}\Root\InventoryApplicationFile
WritePermissionsCheck
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
DeviceId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
ApplicationFlags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018000DDABBE6B3
\REGISTRY\A\{e52f715e-c9ac-fb48-080b-523380f3f6fa}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
ProgramId
\REGISTRY\A\{e52f715e-c9ac-fb48-080b-523380f3f6fa}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
FileId
\REGISTRY\A\{e52f715e-c9ac-fb48-080b-523380f3f6fa}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
LowerCaseLongPath
\REGISTRY\A\{e52f715e-c9ac-fb48-080b-523380f3f6fa}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
LongPathHash
\REGISTRY\A\{e52f715e-c9ac-fb48-080b-523380f3f6fa}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
Name
\REGISTRY\A\{e52f715e-c9ac-fb48-080b-523380f3f6fa}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
OriginalFileName
\REGISTRY\A\{e52f715e-c9ac-fb48-080b-523380f3f6fa}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
Publisher
\REGISTRY\A\{e52f715e-c9ac-fb48-080b-523380f3f6fa}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
Version
\REGISTRY\A\{e52f715e-c9ac-fb48-080b-523380f3f6fa}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
BinFileVersion
\REGISTRY\A\{e52f715e-c9ac-fb48-080b-523380f3f6fa}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
BinaryType
\REGISTRY\A\{e52f715e-c9ac-fb48-080b-523380f3f6fa}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
ProductName
\REGISTRY\A\{e52f715e-c9ac-fb48-080b-523380f3f6fa}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
ProductVersion
\REGISTRY\A\{e52f715e-c9ac-fb48-080b-523380f3f6fa}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
LinkDate
\REGISTRY\A\{e52f715e-c9ac-fb48-080b-523380f3f6fa}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
BinProductVersion
\REGISTRY\A\{e52f715e-c9ac-fb48-080b-523380f3f6fa}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
AppxPackageFullName
\REGISTRY\A\{e52f715e-c9ac-fb48-080b-523380f3f6fa}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
AppxPackageRelativeId
\REGISTRY\A\{e52f715e-c9ac-fb48-080b-523380f3f6fa}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
Size
\REGISTRY\A\{e52f715e-c9ac-fb48-080b-523380f3f6fa}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
Language
\REGISTRY\A\{e52f715e-c9ac-fb48-080b-523380f3f6fa}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
IsOsComponent
\REGISTRY\A\{e52f715e-c9ac-fb48-080b-523380f3f6fa}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
Usn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018000DDABBE6B3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
DeviceTicket
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
TickCount

Memdumps
