Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
02.dll.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_02._cbaa6bb8cd6eed0719b3582c44155bfdd9769a0_0d6cd92f_1df10794-12d3-4aeb-8e12-18077b77d8b2\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_02._cbaa6bb8cd6eed0719b3582c44155bfdd9769a0_0d6cd92f_4c7642fa-6aac-4566-ab6f-477eaee57c2a\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_02._cbaa6bb8cd6eed0719b3582c44155bfdd9769a0_0d6cd92f_78c6e70b-b349-4cf0-8a41-4c90649ff421\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_02._cbaa6bb8cd6eed0719b3582c44155bfdd9769a0_0d6cd92f_86b06d30-c960-47a9-9170-11ab0561e4ea\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7E42.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Apr 18 01:20:00 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7E71.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Apr 18 01:20:00 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7F4D.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7F4E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7F8C.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER800A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER894E.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Apr 18 01:20:03 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER898E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER89CD.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9516.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Apr 18 01:20:06 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9555.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9576.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\02.dll.dll,bdnimbus_ask
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\02.dll.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\02.dll.dll,bdnimbus_ask_async
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\02.dll.dll,bdnimbus_ask_bin
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\02.dll.dll",bdnimbus_ask
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\02.dll.dll",bdnimbus_ask_async
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\02.dll.dll",bdnimbus_ask_bin
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\02.dll.dll",checkit
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\02.dll.dll",bdnimbus_uninit
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\02.dll.dll",bdnimbus_text
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\02.dll.dll",bdnimbus_set_optionv
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\02.dll.dll",bdnimbus_set_option
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\02.dll.dll",bdnimbus_push_json
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\02.dll.dll",bdnimbus_push_info
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\02.dll.dll",bdnimbus_push_bin
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\02.dll.dll",bdnimbus_mem_upload_async
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\02.dll.dll",bdnimbus_mem_upload
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\02.dll.dll",bdnimbus_json_type_of
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\02.dll.dll",bdnimbus_json_string
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\02.dll.dll",bdnimbus_json_real
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\02.dll.dll",bdnimbus_json_path
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\02.dll.dll",bdnimbus_json_object
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\02.dll.dll",bdnimbus_json_long
|
|
|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\02.dll.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\02.dll.dll",#1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 3440 -s 424
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 1900 -s 416
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 4124 -s 420
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 1408 -s 416
|
There are 20 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{2755e50e-17b4-b6dd-d94d-5e22d99d57c2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{2755e50e-17b4-b6dd-d94d-5e22d99d57c2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{2755e50e-17b4-b6dd-d94d-5e22d99d57c2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{2755e50e-17b4-b6dd-d94d-5e22d99d57c2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{2755e50e-17b4-b6dd-d94d-5e22d99d57c2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{2755e50e-17b4-b6dd-d94d-5e22d99d57c2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
OriginalFileName
|
||
|
\REGISTRY\A\{2755e50e-17b4-b6dd-d94d-5e22d99d57c2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{2755e50e-17b4-b6dd-d94d-5e22d99d57c2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{2755e50e-17b4-b6dd-d94d-5e22d99d57c2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{2755e50e-17b4-b6dd-d94d-5e22d99d57c2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{2755e50e-17b4-b6dd-d94d-5e22d99d57c2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{2755e50e-17b4-b6dd-d94d-5e22d99d57c2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{2755e50e-17b4-b6dd-d94d-5e22d99d57c2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{2755e50e-17b4-b6dd-d94d-5e22d99d57c2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{2755e50e-17b4-b6dd-d94d-5e22d99d57c2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{2755e50e-17b4-b6dd-d94d-5e22d99d57c2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{2755e50e-17b4-b6dd-d94d-5e22d99d57c2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{2755e50e-17b4-b6dd-d94d-5e22d99d57c2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{2755e50e-17b4-b6dd-d94d-5e22d99d57c2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
\REGISTRY\A\{2755e50e-17b4-b6dd-d94d-5e22d99d57c2}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Usn
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1A41A0D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
1A41B901000
|
direct allocation
|
page execute and read and write
|
|
|
|
1A41A104000
|
direct allocation
|
page read and write
|
|
|
|
1A41A101000
|
direct allocation
|
page execute read
|
|
|
|
1A41BB06000
|
heap
|
page read and write
|
|
|
|
17C5E7C000
|
stack
|
page read and write
|
||
|
2580F750000
|
heap
|
page read and write
|
||
|
180252000
|
unkown
|
page readonly
|
||
|
180252000
|
unkown
|
page readonly
|
||
|
2203A230000
|
heap
|
page read and write
|
||
|
AEDB2FE000
|
stack
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
2CC53CF0000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
1A41B950000
|
heap
|
page read and write
|
||
|
259A3470000
|
heap
|
page read and write
|
||
|
180331000
|
unkown
|
page read and write
|
||
|
18032D000
|
unkown
|
page read and write
|
||
|
4C7439F000
|
stack
|
page read and write
|
||
|
1BBBB4D5000
|
heap
|
page read and write
|
||
|
129E3970000
|
heap
|
page read and write
|
||
|
2CC53D80000
|
remote allocation
|
page read and write
|
||
|
28822620000
|
heap
|
page read and write
|
||
|
1AE3F130000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
1D00C3A0000
|
heap
|
page read and write
|
||
|
18032D000
|
unkown
|
page read and write
|
||
|
21B39EED000
|
heap
|
page read and write
|
||
|
1A41A103000
|
direct allocation
|
page readonly
|
||
|
1CBD6560000
|
heap
|
page read and write
|
||
|
1A419F50000
|
heap
|
page read and write
|
||
|
180252000
|
unkown
|
page readonly
|
||
|
2C68B3B0000
|
heap
|
page read and write
|
||
|
1F4BAD40000
|
heap
|
page read and write
|
||
|
259A1AF0000
|
heap
|
page read and write
|
||
|
180252000
|
unkown
|
page readonly
|
||
|
202AECC0000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
180252000
|
unkown
|
page readonly
|
||
|
1D00C3B0000
|
heap
|
page read and write
|
||
|
180328000
|
unkown
|
page write copy
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
134A3030000
|
heap
|
page read and write
|
||
|
2203A490000
|
heap
|
page read and write
|
||
|
1F4BAE70000
|
heap
|
page read and write
|
||
|
D1EF57F000
|
stack
|
page read and write
|
||
|
1CF00BC5000
|
heap
|
page read and write
|
||
|
35DC3FF000
|
stack
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
EC74A7F000
|
stack
|
page read and write
|
||
|
180335000
|
unkown
|
page readonly
|
||
|
180326000
|
unkown
|
page write copy
|
||
|
AEDB37F000
|
stack
|
page read and write
|
||
|
C86407F000
|
stack
|
page read and write
|
||
|
16D03CE0000
|
heap
|
page read and write
|
||
|
180326000
|
unkown
|
page write copy
|
||
|
180335000
|
unkown
|
page readonly
|
||
|
C863D2C000
|
stack
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
180327000
|
unkown
|
page read and write
|
||
|
180335000
|
unkown
|
page readonly
|
||
|
18032D000
|
unkown
|
page read and write
|
||
|
1DAB7110000
|
heap
|
page read and write
|
||
|
180331000
|
unkown
|
page read and write
|
||
|
180328000
|
unkown
|
page write copy
|
||
|
1BBBB470000
|
heap
|
page read and write
|
||
|
129E3AA0000
|
heap
|
page read and write
|
||
|
129E3C75000
|
heap
|
page read and write
|
||
|
134A2F10000
|
heap
|
page read and write
|
||
|
1D00DE40000
|
heap
|
page read and write
|
||
|
743BBDF000
|
stack
|
page read and write
|
||
|
180331000
|
unkown
|
page read and write
|
||
|
134A3010000
|
heap
|
page read and write
|
||
|
16D03CF0000
|
heap
|
page read and write
|
||
|
35DC37E000
|
stack
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
180327000
|
unkown
|
page read and write
|
||
|
314F5FE000
|
stack
|
page read and write
|
||
|
28822520000
|
heap
|
page read and write
|
||
|
E3D8AC000
|
stack
|
page read and write
|
||
|
180331000
|
unkown
|
page read and write
|
||
|
180252000
|
unkown
|
page readonly
|
||
|
180328000
|
unkown
|
page write copy
|
||
|
C325E8C000
|
stack
|
page read and write
|
||
|
21B14F90000
|
remote allocation
|
page read and write
|
||
|
6A9427C000
|
stack
|
page read and write
|
||
|
180327000
|
unkown
|
page read and write
|
||
|
16D03D40000
|
heap
|
page read and write
|
||
|
E3D92E000
|
stack
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
180335000
|
unkown
|
page readonly
|
||
|
16D03D58000
|
heap
|
page read and write
|
||
|
314F4FE000
|
stack
|
page read and write
|
||
|
259A19F4000
|
heap
|
page read and write
|
||
|
134A2E30000
|
heap
|
page read and write
|
||
|
1A41A150000
|
heap
|
page read and write
|
||
|
180327000
|
unkown
|
page read and write
|
||
|
1A41B900000
|
direct allocation
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
1A419FA1000
|
heap
|
page read and write
|
||
|
1A419F80000
|
heap
|
page read and write
|
||
|
2580F670000
|
heap
|
page read and write
|
||
|
1D00C7F5000
|
heap
|
page read and write
|
||
|
180335000
|
unkown
|
page readonly
|
||
|
1F4BAF00000
|
heap
|
page read and write
|
||
|
18032D000
|
unkown
|
page read and write
|
||
|
180328000
|
unkown
|
page write copy
|
||
|
161CD9F000
|
stack
|
page read and write
|
||
|
1D00C470000
|
heap
|
page read and write
|
||
|
20E9E690000
|
heap
|
page read and write
|
||
|
202AEB30000
|
heap
|
page read and write
|
||
|
1CBD6250000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
1BBBB4D0000
|
heap
|
page read and write
|
||
|
84B38C000
|
stack
|
page read and write
|
||
|
F50087F000
|
stack
|
page read and write
|
||
|
180327000
|
unkown
|
page read and write
|
||
|
21B14C08000
|
heap
|
page read and write
|
||
|
180335000
|
unkown
|
page readonly
|
||
|
E1724CC000
|
stack
|
page read and write
|
||
|
1F4BAEF0000
|
remote allocation
|
page read and write
|
||
|
180327000
|
unkown
|
page read and write
|
||
|
180331000
|
unkown
|
page read and write
|
||
|
180326000
|
unkown
|
page write copy
|
||
|
1CF00A20000
|
heap
|
page read and write
|
||
|
180335000
|
unkown
|
page readonly
|
||
|
140B7A40000
|
heap
|
page read and write
|
||
|
129E3C20000
|
remote allocation
|
page read and write
|
||
|
21B39E40000
|
heap
|
page read and write
|
||
|
129E3C70000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
1AE3EE30000
|
heap
|
page read and write
|
||
|
18032D000
|
unkown
|
page read and write
|
||
|
18032D000
|
unkown
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
180252000
|
unkown
|
page readonly
|
||
|
E3D9AF000
|
stack
|
page read and write
|
||
|
18032D000
|
unkown
|
page read and write
|
||
|
180335000
|
unkown
|
page readonly
|
||
|
180327000
|
unkown
|
page read and write
|
||
|
2C68B1C7000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
1D00C7D0000
|
remote allocation
|
page read and write
|
||
|
4C7429C000
|
stack
|
page read and write
|
||
|
1BBBB358000
|
heap
|
page read and write
|
||
|
EC74AFF000
|
stack
|
page read and write
|
||
|
202AECC5000
|
heap
|
page read and write
|
||
|
18032D000
|
unkown
|
page read and write
|
||
|
16D03D45000
|
heap
|
page read and write
|
||
|
180252000
|
unkown
|
page readonly
|
||
|
291ACC55000
|
heap
|
page read and write
|
||
|
1CF00B00000
|
heap
|
page read and write
|
||
|
84B67F000
|
stack
|
page read and write
|
||
|
AEDB27C000
|
stack
|
page read and write
|
||
|
680087C000
|
stack
|
page read and write
|
||
|
22130530000
|
remote allocation
|
page read and write
|
||
|
180328000
|
unkown
|
page write copy
|
||
|
291AC8F0000
|
heap
|
page read and write
|
||
|
1D00C478000
|
heap
|
page read and write
|
||
|
180328000
|
unkown
|
page write copy
|
||
|
20E9E460000
|
heap
|
page read and write
|
||
|
1CF02580000
|
heap
|
page read and write
|
||
|
2580F985000
|
heap
|
page read and write
|
||
|
180335000
|
unkown
|
page readonly
|
||
|
180326000
|
unkown
|
page write copy
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
18032D000
|
unkown
|
page read and write
|
||
|
1DAB7120000
|
heap
|
page read and write
|
||
|
2E888CC000
|
stack
|
page read and write
|
||
|
180326000
|
unkown
|
page write copy
|
||
|
134A30D0000
|
heap
|
page read and write
|
||
|
1CBD6290000
|
heap
|
page read and write
|
||
|
2212EAE0000
|
heap
|
page read and write
|
||
|
259A1BB0000
|
heap
|
page read and write
|
||
|
180328000
|
unkown
|
page write copy
|
||
|
1DAB719E000
|
heap
|
page read and write
|
||
|
95A357F000
|
stack
|
page read and write
|
||
|
405127C000
|
stack
|
page read and write
|
||
|
291AC8D0000
|
heap
|
page read and write
|
||
|
180326000
|
unkown
|
page write copy
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
18032D000
|
unkown
|
page read and write
|
||
|
DE5A7CF000
|
stack
|
page read and write
|
||
|
180331000
|
unkown
|
page read and write
|
||
|
180335000
|
unkown
|
page readonly
|
||
|
1A419F88000
|
heap
|
page read and write
|
||
|
140B77D0000
|
heap
|
page read and write
|
||
|
1CBD6230000
|
heap
|
page read and write
|
||
|
202AECB0000
|
remote allocation
|
page read and write
|
||
|
180331000
|
unkown
|
page read and write
|
||
|
21B3B870000
|
heap
|
page read and write
|
||
|
180331000
|
unkown
|
page read and write
|
||
|
1A419E50000
|
heap
|
page read and write
|
||
|
1A41BB00000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
259A19D8000
|
heap
|
page read and write
|
||
|
6A942FF000
|
stack
|
page read and write
|
||
|
1CF00BC0000
|
heap
|
page read and write
|
||
|
95A347C000
|
stack
|
page read and write
|
||
|
129E3A50000
|
heap
|
page read and write
|
||
|
C43307C000
|
stack
|
page read and write
|
||
|
C43317E000
|
stack
|
page read and write
|
||
|
2CC53B00000
|
heap
|
page read and write
|
||
|
180326000
|
unkown
|
page write copy
|
||
|
A68DC7C000
|
stack
|
page read and write
|
||
|
2C68B2C0000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
180252000
|
unkown
|
page readonly
|
||
|
743BE7F000
|
stack
|
page read and write
|
||
|
2212EAE8000
|
heap
|
page read and write
|
||
|
2580F7B8000
|
heap
|
page read and write
|
||
|
180326000
|
unkown
|
page write copy
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
2203BCB0000
|
heap
|
page read and write
|
||
|
1DAB73C0000
|
heap
|
page read and write
|
||
|
68008FF000
|
stack
|
page read and write
|
||
|
180335000
|
unkown
|
page readonly
|
||
|
161CC9C000
|
stack
|
page read and write
|
||
|
2212EBE0000
|
heap
|
page read and write
|
||
|
1A41A100000
|
direct allocation
|
page read and write
|
||
|
17C5F7F000
|
stack
|
page read and write
|
||
|
180328000
|
unkown
|
page write copy
|
||
|
21B39EE0000
|
heap
|
page read and write
|
||
|
1CBD6570000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
1AE3EF00000
|
heap
|
page read and write
|
||
|
1DAB7140000
|
heap
|
page read and write
|
||
|
134A4880000
|
remote allocation
|
page read and write
|
||
|
140B77F0000
|
heap
|
page read and write
|
||
|
259A18F0000
|
heap
|
page read and write
|
||
|
28822625000
|
heap
|
page read and write
|
||
|
180327000
|
unkown
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
18032D000
|
unkown
|
page read and write
|
||
|
F50050C000
|
stack
|
page read and write
|
||
|
180327000
|
unkown
|
page read and write
|
||
|
2C68B3F5000
|
heap
|
page read and write
|
||
|
161CD1F000
|
stack
|
page read and write
|
||
|
180328000
|
unkown
|
page write copy
|
||
|
140B79C0000
|
heap
|
page read and write
|
||
|
21B14FA5000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
28822280000
|
heap
|
page read and write
|
||
|
180252000
|
unkown
|
page readonly
|
||
|
1CBD6150000
|
heap
|
page read and write
|
||
|
1AE3F135000
|
heap
|
page read and write
|
||
|
134A30D5000
|
heap
|
page read and write
|
||
|
1A41A155000
|
heap
|
page read and write
|
||
|
405137F000
|
stack
|
page read and write
|
||
|
180331000
|
unkown
|
page read and write
|
||
|
180335000
|
unkown
|
page readonly
|
||
|
180328000
|
unkown
|
page write copy
|
||
|
314F1EC000
|
stack
|
page read and write
|
||
|
180328000
|
unkown
|
page write copy
|
||
|
1BBBB270000
|
heap
|
page read and write
|
||
|
2CC53DC5000
|
heap
|
page read and write
|
||
|
1CF00B20000
|
heap
|
page read and write
|
||
|
680097F000
|
stack
|
page read and write
|
||
|
180327000
|
unkown
|
page read and write
|
||
|
180331000
|
unkown
|
page read and write
|
||
|
21B14E00000
|
heap
|
page read and write
|
||
|
21B14C00000
|
heap
|
page read and write
|
||
|
2203A210000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
180326000
|
unkown
|
page write copy
|
||
|
1BBBCDC0000
|
remote allocation
|
page read and write
|
||
|
2212EAC0000
|
heap
|
page read and write
|
||
|
2CC53B08000
|
heap
|
page read and write
|
||
|
291ACB60000
|
remote allocation
|
page read and write
|
||
|
28822290000
|
heap
|
page read and write
|
||
|
1BBBB350000
|
heap
|
page read and write
|
||
|
180328000
|
unkown
|
page write copy
|
||
|
20E9E685000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
180252000
|
unkown
|
page readonly
|
||
|
291AC978000
|
heap
|
page read and write
|
||
|
2580F980000
|
heap
|
page read and write
|
||
|
20E9E488000
|
heap
|
page read and write
|
||
|
180335000
|
unkown
|
page readonly
|
||
|
6A9437F000
|
stack
|
page read and write
|
||
|
291AC970000
|
heap
|
page read and write
|
||
|
20E9FFB0000
|
remote allocation
|
page read and write
|
||
|
18032D000
|
unkown
|
page read and write
|
||
|
21B3B7E0000
|
heap
|
page read and write
|
||
|
F50058F000
|
stack
|
page read and write
|
||
|
1BBBB450000
|
heap
|
page read and write
|
||
|
2E8894F000
|
stack
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
18032D000
|
unkown
|
page read and write
|
||
|
180252000
|
unkown
|
page readonly
|
||
|
21B39D60000
|
heap
|
page read and write
|
||
|
2C68B3F0000
|
heap
|
page read and write
|
||
|
140B7B65000
|
heap
|
page read and write
|
||
|
E1725CF000
|
stack
|
page read and write
|
||
|
180327000
|
unkown
|
page read and write
|
||
|
1AE3EE10000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
18032D000
|
unkown
|
page read and write
|
||
|
21B39EF9000
|
heap
|
page read and write
|
||
|
180326000
|
unkown
|
page write copy
|
||
|
1DAB7190000
|
heap
|
page read and write
|
||
|
1A41A12E000
|
direct allocation
|
page readonly
|
||
|
288222B0000
|
heap
|
page read and write
|
||
|
129E3A70000
|
heap
|
page read and write
|
||
|
180331000
|
unkown
|
page read and write
|
||
|
2212EC90000
|
heap
|
page read and write
|
||
|
2CC53DC0000
|
heap
|
page read and write
|
||
|
1D00C7F0000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
129E3BF0000
|
heap
|
page read and write
|
||
|
35DC2FC000
|
stack
|
page read and write
|
||
|
180326000
|
unkown
|
page write copy
|
||
|
180328000
|
unkown
|
page write copy
|
||
|
180327000
|
unkown
|
page read and write
|
||
|
D1EF4FF000
|
stack
|
page read and write
|
||
|
180327000
|
unkown
|
page read and write
|
||
|
180331000
|
unkown
|
page read and write
|
||
|
140B77F8000
|
heap
|
page read and write
|
||
|
1AE3ED30000
|
heap
|
page read and write
|
||
|
16D03D50000
|
heap
|
page read and write
|
||
|
180252000
|
unkown
|
page readonly
|
||
|
1CF00C08000
|
heap
|
page read and write
|
||
|
1F4BAE20000
|
heap
|
page read and write
|
||
|
1DAB73C5000
|
heap
|
page read and write
|
||
|
A68DCFE000
|
stack
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
180335000
|
unkown
|
page readonly
|
||
|
202AEA10000
|
heap
|
page read and write
|
||
|
259A1AD0000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
1F4BAE75000
|
heap
|
page read and write
|
||
|
2C68B2E0000
|
heap
|
page read and write
|
||
|
259A1BB5000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
2CC55640000
|
heap
|
page read and write
|
||
|
180326000
|
unkown
|
page write copy
|
||
|
A68DD7E000
|
stack
|
page read and write
|
||
|
129E3AA8000
|
heap
|
page read and write
|
||
|
180326000
|
unkown
|
page write copy
|
||
|
180328000
|
unkown
|
page write copy
|
||
|
18032D000
|
unkown
|
page read and write
|
||
|
4C7431E000
|
stack
|
page read and write
|
||
|
291ACBC0000
|
heap
|
page read and write
|
||
|
1A41BA90000
|
trusted library allocation
|
page read and write
|
||
|
20E9E650000
|
heap
|
page read and write
|
||
|
180252000
|
unkown
|
page readonly
|
||
|
180326000
|
unkown
|
page write copy
|
||
|
17C5EFE000
|
stack
|
page read and write
|
||
|
180328000
|
unkown
|
page write copy
|
||
|
21B14D00000
|
heap
|
page read and write
|
||
|
2203A480000
|
remote allocation
|
page read and write
|
||
|
180326000
|
unkown
|
page write copy
|
||
|
DE5A74F000
|
stack
|
page read and write
|
||
|
2CC53CD0000
|
heap
|
page read and write
|
||
|
70D527C000
|
stack
|
page read and write
|
||
|
180335000
|
unkown
|
page readonly
|
||
|
2212EC80000
|
heap
|
page read and write
|
||
|
70D537F000
|
stack
|
page read and write
|
||
|
18032D000
|
unkown
|
page read and write
|
||
|
EC747DC000
|
stack
|
page read and write
|
||
|
1F4BAF08000
|
heap
|
page read and write
|
||
|
180331000
|
unkown
|
page read and write
|
||
|
180328000
|
unkown
|
page write copy
|
||
|
1A419F30000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
DE5A6CC000
|
stack
|
page read and write
|
||
|
180331000
|
unkown
|
page read and write
|
||
|
134A2F18000
|
heap
|
page read and write
|
||
|
180331000
|
unkown
|
page read and write
|
||
|
25811200000
|
heap
|
page read and write
|
||
|
20E9E680000
|
heap
|
page read and write
|
||
|
180331000
|
unkown
|
page read and write
|
||
|
2E889CF000
|
stack
|
page read and write
|
||
|
180326000
|
unkown
|
page write copy
|
||
|
2203A238000
|
heap
|
page read and write
|
||
|
1F4BAE40000
|
heap
|
page read and write
|
||
|
180335000
|
unkown
|
page readonly
|
||
|
134A4920000
|
heap
|
page read and write
|
||
|
20E9FF90000
|
heap
|
page read and write
|
||
|
180335000
|
unkown
|
page readonly
|
||
|
2203A1E0000
|
heap
|
page read and write
|
||
|
D1EF47C000
|
stack
|
page read and write
|
||
|
1CBD6575000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
291AC8C0000
|
heap
|
page read and write
|
||
|
95A34FF000
|
stack
|
page read and write
|
||
|
2203A1F0000
|
heap
|
page read and write
|
||
|
180252000
|
unkown
|
page readonly
|
||
|
743BB5C000
|
stack
|
page read and write
|
||
|
1A419FAF000
|
heap
|
page read and write
|
||
|
202AEB10000
|
heap
|
page read and write
|
||
|
16D05820000
|
remote allocation
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
C863DAE000
|
stack
|
page read and write
|
||
|
180326000
|
unkown
|
page write copy
|
||
|
259A19D0000
|
heap
|
page read and write
|
||
|
70D52FF000
|
stack
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
1DAB7198000
|
heap
|
page read and write
|
||
|
2CC53AE0000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
C4330FF000
|
stack
|
page read and write
|
||
|
21B14FA0000
|
heap
|
page read and write
|
||
|
84B6FF000
|
stack
|
page read and write
|
||
|
21B39E70000
|
heap
|
page read and write
|
||
|
180331000
|
unkown
|
page read and write
|
||
|
16D058F0000
|
heap
|
page read and write
|
||
|
202B0590000
|
heap
|
page read and write
|
||
|
180252000
|
unkown
|
page readonly
|
||
|
1D00C3D0000
|
heap
|
page read and write
|
||
|
18032D000
|
unkown
|
page read and write
|
||
|
2C68B1C0000
|
heap
|
page read and write
|
||
|
140B7B60000
|
heap
|
page read and write
|
||
|
180326000
|
unkown
|
page write copy
|
||
|
2C68B0D0000
|
heap
|
page read and write
|
||
|
2580F770000
|
heap
|
page read and write
|
||
|
1A41A140000
|
trusted library allocation
|
page read and write
|
||
|
180328000
|
unkown
|
page write copy
|
||
|
21B14DE0000
|
heap
|
page read and write
|
||
|
20E9E480000
|
heap
|
page read and write
|
||
|
180328000
|
unkown
|
page write copy
|
||
|
21B168E0000
|
heap
|
page read and write
|
||
|
21B39E70000
|
heap
|
page read and write
|
||
|
18032D000
|
unkown
|
page read and write
|
||
|
180327000
|
unkown
|
page read and write
|
||
|
1AE3F0B0000
|
heap
|
page read and write
|
||
|
202AEB38000
|
heap
|
page read and write
|
||
|
180252000
|
unkown
|
page readonly
|
||
|
2212EC95000
|
heap
|
page read and write
|
||
|
180327000
|
unkown
|
page read and write
|
||
|
1AE3EF08000
|
heap
|
page read and write
|
||
|
1BBBCD90000
|
heap
|
page read and write
|
||
|
28822328000
|
heap
|
page read and write
|
||
|
1DAB8CD0000
|
heap
|
page read and write
|
||
|
180327000
|
unkown
|
page read and write
|
||
|
2580F7B0000
|
heap
|
page read and write
|
||
|
1A41B990000
|
heap
|
page read and write
|
||
|
202AEAF0000
|
heap
|
page read and write
|
||
|
180327000
|
unkown
|
page read and write
|
||
|
291ACC50000
|
heap
|
page read and write
|
||
|
1F4BC900000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
1CBD6298000
|
heap
|
page read and write
|
||
|
2203A495000
|
heap
|
page read and write
|
||
|
180252000
|
unkown
|
page readonly
|
||
|
180335000
|
unkown
|
page readonly
|
||
|
2212E9E0000
|
heap
|
page read and write
|
||
|
180331000
|
unkown
|
page read and write
|
||
|
40512FF000
|
stack
|
page read and write
|
||
|
180327000
|
unkown
|
page read and write
|
||
|
16D03D10000
|
heap
|
page read and write
|
||
|
E17254F000
|
stack
|
page read and write
|
||
|
140B79E0000
|
heap
|
page read and write
|
||
|
28822320000
|
heap
|
page read and write
|
||
|
1CF00C00000
|
heap
|
page read and write
|
There are 445 hidden memdumps, click here to show them.