Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Win32.Evo-gen.28674.10592.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_b865344195a016a7b3cfd6083efc94b48ed2e5e_7522e4b5_22d5e5d6-c07f-42e8-b1e2-20f32a57bb29\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_b865344195a016a7b3cfd6083efc94b48ed2e5e_7522e4b5_2d045183-0052-4765-9d69-f1c013375348\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_b865344195a016a7b3cfd6083efc94b48ed2e5e_7522e4b5_dcc89578-cf24-44a4-a2d6-e7766cc63df5\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER997A.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Apr 25 03:34:24 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER99C8.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Apr 25 03:34:24 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9AB3.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9AC3.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9AF3.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9B31.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA7A3.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Apr 25 03:34:28 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA811.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA841.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e8fa6.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e8fb6.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e9014.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e9024.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e90c1.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e90f0.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e90f1.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e913f.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e916f.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e91bd.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e91ce.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e924c.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e927a.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e92ab.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e92c9.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e9385.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e9386.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e93e4.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e93e5.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e9444.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e9491.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e94d1.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e95ab.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e960a.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e9c29.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e9cf5.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e9d64.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e9da3.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e9e02.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e9e80.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e9ecf.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e9f5d.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e9fbb.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6e9feb.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6ea04a.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6ea089.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6ea10b.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6ea15a.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6ea19a.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6ea1f8.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6ea267.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6ea2a6.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6ea2d6.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6ea335.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6ea3c3.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6ea402.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6ea451.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\6ea4ee.tmp
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 52 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.28674.10592.dll"
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.28674.10592.dll, DLL
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.28674.10592.dll",#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.28674.10592.dll", DLL
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.28674.10592.dll",#1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 808
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 800
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 872
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://s.taobao.com/search?initiative_id=staobaoz_20131120&jc=1&q=%C2%E5%C6%E6%D3%A2%D0%DB%B4%AB%D0%
|
unknown
|
||
|
http://www.eyuyan.com)DVarFileInfo$
|
unknown
|
||
|
http://item.taobao.com/item.htm?id=36149830965http://item.taobao.com/item.htm?id=36151081551http://s
|
unknown
|
||
|
http://item.taobao.com/item.htm?id=36149830965
|
unknown
|
||
|
http://68862320bb.d131.tqxq.com/kdc/banben.txt2.5
|
unknown
|
||
|
http://item.taobao.com/item.htm?id=36151057950
|
unknown
|
||
|
http://www.99tianji.com/w55
|
unknown
|
||
|
http://item.taobao.com/item.htm?id=36151081551
|
unknown
|
||
|
http://s.taobao.com/search?q=%D0%FD%B7%E7%CD%F8%C2%E7%C1%AA%C3%CB%A2%DA&app=shopsearch5
|
unknown
|
||
|
http://68862320bb.d131.tqxq.com/kdc/dqgg.txt
|
unknown
|
||
|
http://s.taobao.com/search?q=%C2%E5%C6%E6%D3%A2%D0%DB%B4%AB%D0%FD%B7%E7%B8%A8%D6%FA&searcy_type=item
|
unknown
|
There are 1 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{6cea7faa-12be-0242-0a4e-65cb8b287480}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProgramId
|
||
|
\REGISTRY\A\{6cea7faa-12be-0242-0a4e-65cb8b287480}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
FileId
|
||
|
\REGISTRY\A\{6cea7faa-12be-0242-0a4e-65cb8b287480}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{6cea7faa-12be-0242-0a4e-65cb8b287480}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LongPathHash
|
||
|
\REGISTRY\A\{6cea7faa-12be-0242-0a4e-65cb8b287480}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Name
|
||
|
\REGISTRY\A\{6cea7faa-12be-0242-0a4e-65cb8b287480}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
OriginalFileName
|
||
|
\REGISTRY\A\{6cea7faa-12be-0242-0a4e-65cb8b287480}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Publisher
|
||
|
\REGISTRY\A\{6cea7faa-12be-0242-0a4e-65cb8b287480}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Version
|
||
|
\REGISTRY\A\{6cea7faa-12be-0242-0a4e-65cb8b287480}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinFileVersion
|
||
|
\REGISTRY\A\{6cea7faa-12be-0242-0a4e-65cb8b287480}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinaryType
|
||
|
\REGISTRY\A\{6cea7faa-12be-0242-0a4e-65cb8b287480}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductName
|
||
|
\REGISTRY\A\{6cea7faa-12be-0242-0a4e-65cb8b287480}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductVersion
|
||
|
\REGISTRY\A\{6cea7faa-12be-0242-0a4e-65cb8b287480}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LinkDate
|
||
|
\REGISTRY\A\{6cea7faa-12be-0242-0a4e-65cb8b287480}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinProductVersion
|
||
|
\REGISTRY\A\{6cea7faa-12be-0242-0a4e-65cb8b287480}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{6cea7faa-12be-0242-0a4e-65cb8b287480}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{6cea7faa-12be-0242-0a4e-65cb8b287480}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Size
|
||
|
\REGISTRY\A\{6cea7faa-12be-0242-0a4e-65cb8b287480}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Language
|
||
|
\REGISTRY\A\{6cea7faa-12be-0242-0a4e-65cb8b287480}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
IsOsComponent
|
||
|
\REGISTRY\A\{6cea7faa-12be-0242-0a4e-65cb8b287480}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C00B8FA4A2E4
|
There are 14 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2EA0000
|
heap
|
page read and write
|
||
|
3407000
|
heap
|
page read and write
|
||
|
31B0000
|
heap
|
page read and write
|
||
|
33FE000
|
heap
|
page read and write
|
||
|
2F12000
|
heap
|
page read and write
|
||
|
31FE000
|
stack
|
page read and write
|
||
|
49F0000
|
heap
|
page read and write
|
||
|
2E7D000
|
heap
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
12C7000
|
heap
|
page read and write
|
||
|
2EA3000
|
heap
|
page read and write
|
||
|
2E9B000
|
heap
|
page read and write
|
||
|
2F0F000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2EF8000
|
heap
|
page read and write
|
||
|
4C40000
|
heap
|
page read and write
|
||
|
2EF6000
|
heap
|
page read and write
|
||
|
340E000
|
heap
|
page read and write
|
||
|
12AA000
|
heap
|
page read and write
|
||
|
2EF9000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
2EF3000
|
heap
|
page read and write
|
||
|
2E86000
|
heap
|
page read and write
|
||
|
4B94000
|
heap
|
page read and write
|
||
|
3407000
|
heap
|
page read and write
|
||
|
4C94000
|
heap
|
page read and write
|
||
|
2E9F000
|
heap
|
page read and write
|
||
|
2E98000
|
heap
|
page read and write
|
||
|
12AE000
|
heap
|
page read and write
|
||
|
2F0F000
|
heap
|
page read and write
|
||
|
31E6000
|
heap
|
page read and write
|
||
|
2E88000
|
heap
|
page read and write
|
||
|
127B000
|
heap
|
page read and write
|
||
|
3409000
|
heap
|
page read and write
|
||
|
12B6000
|
heap
|
page read and write
|
||
|
340E000
|
heap
|
page read and write
|
||
|
4B70000
|
heap
|
page read and write
|
||
|
2E87000
|
heap
|
page read and write
|
||
|
1270000
|
heap
|
page read and write
|
||
|
100BE000
|
unkown
|
page read and write
|
||
|
100B4000
|
unkown
|
page write copy
|
||
|
33DA000
|
heap
|
page read and write
|
||
|
4A3F000
|
stack
|
page read and write
|
||
|
12AA000
|
heap
|
page read and write
|
||
|
100B4000
|
unkown
|
page write copy
|
||
|
2F0F000
|
heap
|
page read and write
|
||
|
100B6000
|
unkown
|
page read and write
|
||
|
3220000
|
heap
|
page read and write
|
||
|
29F8000
|
stack
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
2E87000
|
heap
|
page read and write
|
||
|
343B000
|
heap
|
page read and write
|
||
|
1008B000
|
unkown
|
page readonly
|
||
|
2E97000
|
heap
|
page read and write
|
||
|
47F0000
|
heap
|
page read and write
|
||
|
113C000
|
stack
|
page read and write
|
||
|
12B3000
|
heap
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
2EFD000
|
heap
|
page read and write
|
||
|
12AE000
|
heap
|
page read and write
|
||
|
2EF9000
|
heap
|
page read and write
|
||
|
12A8000
|
heap
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
2EFE000
|
heap
|
page read and write
|
||
|
2F94000
|
heap
|
page read and write
|
||
|
3409000
|
heap
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
2C3C000
|
stack
|
page read and write
|
||
|
4A50000
|
heap
|
page read and write
|
||
|
340E000
|
heap
|
page read and write
|
||
|
2E9E000
|
heap
|
page read and write
|
||
|
12AB000
|
heap
|
page read and write
|
||
|
12B1000
|
heap
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
4CAF000
|
stack
|
page read and write
|
||
|
31B6000
|
heap
|
page read and write
|
||
|
3405000
|
heap
|
page read and write
|
||
|
2F13000
|
heap
|
page read and write
|
||
|
100B8000
|
unkown
|
page write copy
|
||
|
3410000
|
heap
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
4F20000
|
heap
|
page read and write
|
||
|
2EFE000
|
heap
|
page read and write
|
||
|
2EFB000
|
heap
|
page read and write
|
||
|
2EB9000
|
heap
|
page read and write
|
||
|
4C90000
|
heap
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
3422000
|
heap
|
page read and write
|
||
|
4B1F000
|
stack
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
2EB0000
|
heap
|
page read and write
|
||
|
100D7000
|
unkown
|
page readonly
|
||
|
12B6000
|
heap
|
page read and write
|
||
|
4AD4000
|
heap
|
page read and write
|
||
|
2EF3000
|
heap
|
page read and write
|
||
|
2E0E000
|
stack
|
page read and write
|
||
|
47E0000
|
heap
|
page readonly
|
||
|
2BF8000
|
stack
|
page read and write
|
||
|
12A7000
|
heap
|
page read and write
|
||
|
3409000
|
heap
|
page read and write
|
||
|
4E9F000
|
stack
|
page read and write
|
||
|
3406000
|
heap
|
page read and write
|
||
|
4F24000
|
heap
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
340E000
|
heap
|
page read and write
|
||
|
127F000
|
heap
|
page read and write
|
||
|
340E000
|
heap
|
page read and write
|
||
|
31CF000
|
stack
|
page read and write
|
||
|
103A000
|
stack
|
page read and write
|
||
|
340A000
|
heap
|
page read and write
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
318E000
|
stack
|
page read and write
|
||
|
2F0F000
|
heap
|
page read and write
|
||
|
2E97000
|
heap
|
page read and write
|
||
|
4D20000
|
heap
|
page read and write
|
||
|
100D7000
|
unkown
|
page readonly
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
3405000
|
heap
|
page read and write
|
||
|
2EF5000
|
heap
|
page read and write
|
||
|
2E9E000
|
heap
|
page read and write
|
||
|
2EFD000
|
heap
|
page read and write
|
||
|
2E87000
|
heap
|
page read and write
|
||
|
2E86000
|
heap
|
page read and write
|
||
|
2E9B000
|
heap
|
page read and write
|
||
|
100B8000
|
unkown
|
page write copy
|
||
|
2E85000
|
heap
|
page read and write
|
||
|
100D3000
|
unkown
|
page execute read
|
||
|
3422000
|
heap
|
page read and write
|
||
|
69D0000
|
trusted library allocation
|
page read and write
|
||
|
31BA000
|
heap
|
page read and write
|
||
|
340B000
|
heap
|
page read and write
|
||
|
2E7D000
|
heap
|
page read and write
|
||
|
2DE8000
|
stack
|
page read and write
|
||
|
100B6000
|
unkown
|
page read and write
|
||
|
4810000
|
heap
|
page read and write
|
||
|
340E000
|
heap
|
page read and write
|
||
|
2EFF000
|
heap
|
page read and write
|
||
|
4CEF000
|
stack
|
page read and write
|
||
|
2E8B000
|
heap
|
page read and write
|
||
|
303B000
|
stack
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
100D3000
|
unkown
|
page execute read
|
||
|
2E97000
|
heap
|
page read and write
|
||
|
2E3C000
|
stack
|
page read and write
|
||
|
4B5E000
|
stack
|
page read and write
|
||
|
47AF000
|
stack
|
page read and write
|
||
|
4A80000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
100C2000
|
unkown
|
page read and write
|
||
|
12B6000
|
heap
|
page read and write
|
||
|
2EA4000
|
heap
|
page read and write
|
||
|
4B9F000
|
stack
|
page read and write
|
||
|
12B1000
|
heap
|
page read and write
|
||
|
314F000
|
stack
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
100CE000
|
unkown
|
page read and write
|
||
|
100C1000
|
unkown
|
page write copy
|
||
|
2EFE000
|
heap
|
page read and write
|
||
|
2F28000
|
heap
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
12C7000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
100C1000
|
unkown
|
page write copy
|
||
|
2EEE000
|
heap
|
page read and write
|
||
|
4B74000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
340A000
|
heap
|
page read and write
|
||
|
3422000
|
heap
|
page read and write
|
||
|
2E7E000
|
heap
|
page read and write
|
||
|
340E000
|
heap
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
2E8B000
|
heap
|
page read and write
|
||
|
340B000
|
heap
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
3418000
|
heap
|
page read and write
|
||
|
4AD0000
|
heap
|
page read and write
|
||
|
2E5A000
|
heap
|
page read and write
|
||
|
2EF8000
|
heap
|
page read and write
|
||
|
2E97000
|
heap
|
page read and write
|
||
|
2EA3000
|
heap
|
page read and write
|
||
|
4A60000
|
heap
|
page read and write
|
||
|
472F000
|
stack
|
page read and write
|
||
|
12C7000
|
heap
|
page read and write
|
||
|
2E87000
|
heap
|
page read and write
|
||
|
3426000
|
heap
|
page read and write
|
||
|
2EFE000
|
heap
|
page read and write
|
||
|
2E9B000
|
heap
|
page read and write
|
||
|
2E98000
|
heap
|
page read and write
|
||
|
100CE000
|
unkown
|
page read and write
|
||
|
1008B000
|
unkown
|
page readonly
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
100B8000
|
unkown
|
page write copy
|
||
|
2EF5000
|
heap
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
2EF7000
|
heap
|
page read and write
|
||
|
1008B000
|
unkown
|
page readonly
|
||
|
2E9A000
|
heap
|
page read and write
|
||
|
4990000
|
heap
|
page read and write
|
||
|
2EFE000
|
heap
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
12B2000
|
heap
|
page read and write
|
||
|
12AB000
|
heap
|
page read and write
|
||
|
2EF9000
|
heap
|
page read and write
|
||
|
2E98000
|
heap
|
page read and write
|
||
|
310E000
|
stack
|
page read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
2EEE000
|
heap
|
page read and write
|
||
|
2E97000
|
heap
|
page read and write
|
||
|
476E000
|
stack
|
page read and write
|
||
|
2E16000
|
heap
|
page read and write
|
||
|
2F13000
|
heap
|
page read and write
|
||
|
3426000
|
heap
|
page read and write
|
||
|
2ECA000
|
heap
|
page read and write
|
||
|
2EF9000
|
heap
|
page read and write
|
||
|
100B4000
|
unkown
|
page write copy
|
||
|
3040000
|
heap
|
page read and write
|
||
|
12B1000
|
heap
|
page read and write
|
||
|
3409000
|
heap
|
page read and write
|
||
|
12C6000
|
heap
|
page read and write
|
||
|
3425000
|
heap
|
page read and write
|
||
|
33FE000
|
heap
|
page read and write
|
||
|
100BE000
|
unkown
|
page read and write
|
||
|
100C1000
|
unkown
|
page write copy
|
||
|
49F4000
|
heap
|
page read and write
|
||
|
12A9000
|
heap
|
page read and write
|
||
|
100C2000
|
unkown
|
page read and write
|
||
|
2EFD000
|
heap
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
12A7000
|
heap
|
page read and write
|
||
|
340A000
|
heap
|
page read and write
|
||
|
12B1000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2EFD000
|
heap
|
page read and write
|
||
|
100D3000
|
unkown
|
page execute read
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
2EF6000
|
heap
|
page read and write
|
||
|
100BE000
|
unkown
|
page read and write
|
||
|
3409000
|
heap
|
page read and write
|
||
|
2E9F000
|
heap
|
page read and write
|
||
|
4C60000
|
heap
|
page read and write
|
||
|
3406000
|
heap
|
page read and write
|
||
|
2EA1000
|
heap
|
page read and write
|
||
|
2EF5000
|
heap
|
page read and write
|
||
|
2F12000
|
heap
|
page read and write
|
||
|
2EF7000
|
heap
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
33FE000
|
heap
|
page read and write
|
||
|
340F000
|
heap
|
page read and write
|
||
|
2E97000
|
heap
|
page read and write
|
||
|
2E10000
|
heap
|
page read and write
|
||
|
340F000
|
heap
|
page read and write
|
||
|
2EFA000
|
heap
|
page read and write
|
||
|
4A7F000
|
stack
|
page read and write
|
||
|
100C2000
|
unkown
|
page read and write
|
||
|
100B6000
|
unkown
|
page read and write
|
||
|
12C7000
|
heap
|
page read and write
|
||
|
4C50000
|
heap
|
page readonly
|
||
|
2EF6000
|
heap
|
page read and write
|
||
|
4E5F000
|
stack
|
page read and write
|
||
|
12C7000
|
heap
|
page read and write
|
||
|
3406000
|
heap
|
page read and write
|
||
|
100D7000
|
unkown
|
page readonly
|
||
|
340F000
|
heap
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
4B90000
|
heap
|
page read and write
|
||
|
2E86000
|
heap
|
page read and write
|
||
|
340E000
|
heap
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
3425000
|
heap
|
page read and write
|
||
|
2EFF000
|
heap
|
page read and write
|
||
|
2EA4000
|
heap
|
page read and write
|
||
|
2EAA000
|
heap
|
page read and write
|
||
|
47D0000
|
heap
|
page read and write
|
||
|
100CE000
|
unkown
|
page read and write
|
||
|
12AD000
|
heap
|
page read and write
|
||
|
4A70000
|
heap
|
page readonly
|
There are 276 hidden memdumps, click here to show them.