Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
6CUj5MBggF.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
initial sample
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll64.exe_ad93cb228ab98f9ef5f4ec267a7cf3171f88dc4_606702e6_a7367550-730b-476e-8289-dfb0b98b2092\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_regsvr32.exe_5430187a20f1e1abcbbb987c41713fb407235ea_e29f7403_5a2d7340-ba07-41d0-a4cb-e403a198e059\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_6CU_7388dff48cc23628a4ea92b83ffbbc9f91ab18_d33dfb83_6292dada-936a-4b51-806b-5e354b1c75ee\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_6CU_7388dff48cc23628a4ea92b83ffbbc9f91ab18_d33dfb83_7ba62480-dbd8-40d1-aada-2d35fbba7c1b\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_6CU_7388dff48cc23628a4ea92b83ffbbc9f91ab18_d33dfb83_979c50c0-29ee-4e52-a078-833371fa9173\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_6CU_7388dff48cc23628a4ea92b83ffbbc9f91ab18_d33dfb83_d0849452-92c2-4bc5-8dd0-8d4c6d981e0c\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER66A5.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Apr 25 20:11:51 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER66B5.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Apr 25 20:11:51 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6751.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Apr 25 20:11:51 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6762.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER67BF.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER67EF.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER680D.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER682E.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER683D.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7105.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Apr 25 20:11:53 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7183.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER71B3.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7CAE.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Apr 25 20:11:56 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7CED.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D4C.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8885.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Apr 25 20:11:59 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER88C4.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8904.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 16 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\6CUj5MBggF.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\6CUj5MBggF.dll",#1
|
||
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\6CUj5MBggF.dll
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\6CUj5MBggF.dll",#1
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\6CUj5MBggF.dll,AzAddPropertyItem
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 5576 -s 456
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 504 -s 344
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 5720 -s 376
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\6CUj5MBggF.dll,AzApplicationClose
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 5200 -s 344
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\6CUj5MBggF.dll,AzApplicationCreate
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 2664 -s 344
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 3080 -s 412
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\regsvr32.exe|20eb212352f3412a
|
ProgramId
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\regsvr32.exe|20eb212352f3412a
|
FileId
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\regsvr32.exe|20eb212352f3412a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\regsvr32.exe|20eb212352f3412a
|
LongPathHash
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\regsvr32.exe|20eb212352f3412a
|
Name
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\regsvr32.exe|20eb212352f3412a
|
OriginalFileName
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\regsvr32.exe|20eb212352f3412a
|
Publisher
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\regsvr32.exe|20eb212352f3412a
|
Version
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\regsvr32.exe|20eb212352f3412a
|
BinFileVersion
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\regsvr32.exe|20eb212352f3412a
|
BinaryType
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\regsvr32.exe|20eb212352f3412a
|
ProductName
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\regsvr32.exe|20eb212352f3412a
|
ProductVersion
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\regsvr32.exe|20eb212352f3412a
|
LinkDate
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\regsvr32.exe|20eb212352f3412a
|
BinProductVersion
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\regsvr32.exe|20eb212352f3412a
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\regsvr32.exe|20eb212352f3412a
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\regsvr32.exe|20eb212352f3412a
|
Size
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\regsvr32.exe|20eb212352f3412a
|
Language
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\regsvr32.exe|20eb212352f3412a
|
IsOsComponent
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\regsvr32.exe|20eb212352f3412a
|
Usn
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
OriginalFileName
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
\REGISTRY\A\{6c0052c8-5d3d-97d9-145d-47785c41e85d}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Usn
|
||
|
\REGISTRY\A\{758fc1a6-1876-946c-4465-474c0fc2c5c0}\Root\InventoryApplicationFile\loaddll64.exe|f3d72086358f9008
|
ProgramId
|
||
|
\REGISTRY\A\{758fc1a6-1876-946c-4465-474c0fc2c5c0}\Root\InventoryApplicationFile\loaddll64.exe|f3d72086358f9008
|
FileId
|
||
|
\REGISTRY\A\{758fc1a6-1876-946c-4465-474c0fc2c5c0}\Root\InventoryApplicationFile\loaddll64.exe|f3d72086358f9008
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{758fc1a6-1876-946c-4465-474c0fc2c5c0}\Root\InventoryApplicationFile\loaddll64.exe|f3d72086358f9008
|
LongPathHash
|
||
|
\REGISTRY\A\{758fc1a6-1876-946c-4465-474c0fc2c5c0}\Root\InventoryApplicationFile\loaddll64.exe|f3d72086358f9008
|
Name
|
||
|
\REGISTRY\A\{758fc1a6-1876-946c-4465-474c0fc2c5c0}\Root\InventoryApplicationFile\loaddll64.exe|f3d72086358f9008
|
OriginalFileName
|
||
|
\REGISTRY\A\{758fc1a6-1876-946c-4465-474c0fc2c5c0}\Root\InventoryApplicationFile\loaddll64.exe|f3d72086358f9008
|
Publisher
|
||
|
\REGISTRY\A\{758fc1a6-1876-946c-4465-474c0fc2c5c0}\Root\InventoryApplicationFile\loaddll64.exe|f3d72086358f9008
|
Version
|
||
|
\REGISTRY\A\{758fc1a6-1876-946c-4465-474c0fc2c5c0}\Root\InventoryApplicationFile\loaddll64.exe|f3d72086358f9008
|
BinFileVersion
|
||
|
\REGISTRY\A\{758fc1a6-1876-946c-4465-474c0fc2c5c0}\Root\InventoryApplicationFile\loaddll64.exe|f3d72086358f9008
|
BinaryType
|
||
|
\REGISTRY\A\{758fc1a6-1876-946c-4465-474c0fc2c5c0}\Root\InventoryApplicationFile\loaddll64.exe|f3d72086358f9008
|
ProductName
|
||
|
\REGISTRY\A\{758fc1a6-1876-946c-4465-474c0fc2c5c0}\Root\InventoryApplicationFile\loaddll64.exe|f3d72086358f9008
|
ProductVersion
|
||
|
\REGISTRY\A\{758fc1a6-1876-946c-4465-474c0fc2c5c0}\Root\InventoryApplicationFile\loaddll64.exe|f3d72086358f9008
|
LinkDate
|
||
|
\REGISTRY\A\{758fc1a6-1876-946c-4465-474c0fc2c5c0}\Root\InventoryApplicationFile\loaddll64.exe|f3d72086358f9008
|
BinProductVersion
|
||
|
\REGISTRY\A\{758fc1a6-1876-946c-4465-474c0fc2c5c0}\Root\InventoryApplicationFile\loaddll64.exe|f3d72086358f9008
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{758fc1a6-1876-946c-4465-474c0fc2c5c0}\Root\InventoryApplicationFile\loaddll64.exe|f3d72086358f9008
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{758fc1a6-1876-946c-4465-474c0fc2c5c0}\Root\InventoryApplicationFile\loaddll64.exe|f3d72086358f9008
|
Size
|
||
|
\REGISTRY\A\{758fc1a6-1876-946c-4465-474c0fc2c5c0}\Root\InventoryApplicationFile\loaddll64.exe|f3d72086358f9008
|
Language
|
||
|
\REGISTRY\A\{758fc1a6-1876-946c-4465-474c0fc2c5c0}\Root\InventoryApplicationFile\loaddll64.exe|f3d72086358f9008
|
Usn
|
There are 49 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2480C560000
|
heap
|
page read and write
|
||
|
1F43060C000
|
heap
|
page read and write
|
||
|
1F430614000
|
heap
|
page read and write
|
||
|
17A6D840000
|
heap
|
page read and write
|
||
|
2480AA40000
|
heap
|
page read and write
|
||
|
19A58119000
|
heap
|
page read and write
|
||
|
1F43086B000
|
heap
|
page read and write
|
||
|
1F430609000
|
heap
|
page read and write
|
||
|
1F433990000
|
heap
|
page read and write
|
||
|
213080A0000
|
trusted library allocation
|
page read and write
|
||
|
1F430612000
|
heap
|
page read and write
|
||
|
21304D03000
|
heap
|
page read and write
|
||
|
1F430629000
|
heap
|
page read and write
|
||
|
21304CFE000
|
heap
|
page read and write
|
||
|
17A6D770000
|
heap
|
page read and write
|
||
|
21304CF2000
|
heap
|
page read and write
|
||
|
1F43060C000
|
heap
|
page read and write
|
||
|
2480AA78000
|
heap
|
page read and write
|
||
|
21307FA3000
|
heap
|
page read and write
|
||
|
1CD98FE000
|
stack
|
page read and write
|
||
|
1F430606000
|
heap
|
page read and write
|
||
|
2480AAA8000
|
heap
|
page read and write
|
||
|
107B000
|
stack
|
page read and write
|
||
|
19A58300000
|
heap
|
page read and write
|
||
|
17A6D822000
|
heap
|
page read and write
|
||
|
17A6D7F0000
|
heap
|
page read and write
|
||
|
21304CFE000
|
heap
|
page read and write
|
||
|
1F433993000
|
heap
|
page read and write
|
||
|
2480AA98000
|
heap
|
page read and write
|
||
|
651E0FE000
|
stack
|
page read and write
|
||
|
2480E2C0000
|
trusted library allocation
|
page read and write
|
||
|
21304CFE000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
21304D13000
|
heap
|
page read and write
|
||
|
17A6DAA0000
|
heap
|
page read and write
|
||
|
19A58110000
|
heap
|
page read and write
|
||
|
17A6D80E000
|
heap
|
page read and write
|
||
|
1F430609000
|
heap
|
page read and write
|
||
|
1F430560000
|
heap
|
page read and write
|
||
|
3514EA000
|
stack
|
page read and write
|
||
|
35187E000
|
stack
|
page read and write
|
||
|
43EE7BA000
|
stack
|
page read and write
|
||
|
21304CF6000
|
heap
|
page read and write
|
||
|
17A6D838000
|
heap
|
page read and write
|
||
|
17A6D815000
|
heap
|
page read and write
|
||
|
17A6D81B000
|
heap
|
page read and write
|
||
|
17A6D819000
|
heap
|
page read and write
|
||
|
21304D05000
|
heap
|
page read and write
|
||
|
17A6D840000
|
heap
|
page read and write
|
||
|
21304C80000
|
heap
|
page read and write
|
||
|
19A58330000
|
heap
|
page read and write
|
||
|
17A6D81B000
|
heap
|
page read and write
|
||
|
17A6D81B000
|
heap
|
page read and write
|
||
|
1F430606000
|
heap
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
19A58340000
|
heap
|
page read and write
|
||
|
17A6DAA5000
|
heap
|
page read and write
|
||
|
17A6D790000
|
heap
|
page read and write
|
||
|
2480AA90000
|
heap
|
page read and write
|
||
|
43EEAFE000
|
stack
|
page read and write
|
||
|
17A6D815000
|
heap
|
page read and write
|
||
|
1F43061B000
|
heap
|
page read and write
|
||
|
1F432150000
|
heap
|
page read and write
|
||
|
1F430610000
|
heap
|
page read and write
|
||
|
21304EAB000
|
heap
|
page read and write
|
||
|
133F000
|
stack
|
page read and write
|
||
|
2480AAA0000
|
heap
|
page read and write
|
||
|
2480AA9C000
|
heap
|
page read and write
|
||
|
1F430860000
|
heap
|
page read and write
|
||
|
17A6D826000
|
heap
|
page read and write
|
||
|
17A6D690000
|
heap
|
page read and write
|
||
|
17A70A50000
|
heap
|
page read and write
|
||
|
17A6DAAB000
|
heap
|
page read and write
|
||
|
13BF000
|
stack
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
19A5811D000
|
heap
|
page read and write
|
||
|
21304B80000
|
heap
|
page read and write
|
||
|
17A6D811000
|
heap
|
page read and write
|
||
|
1F430540000
|
heap
|
page read and write
|
||
|
1CD997E000
|
stack
|
page read and write
|
||
|
1F4305FE000
|
heap
|
page read and write
|
||
|
1F4305E0000
|
heap
|
page read and write
|
||
|
D83727E000
|
stack
|
page read and write
|
||
|
21304CD0000
|
heap
|
page read and write
|
||
|
2480AAB1000
|
heap
|
page read and write
|
||
|
2480AE0B000
|
heap
|
page read and write
|
||
|
10FB000
|
heap
|
page read and write
|
||
|
17A6D840000
|
heap
|
page read and write
|
||
|
651DFFD000
|
stack
|
page read and write
|
||
|
35156E000
|
stack
|
page read and write
|
||
|
21304E00000
|
heap
|
page read and write
|
||
|
D836F1A000
|
stack
|
page read and write
|
||
|
1F4307C0000
|
heap
|
page read and write
|
||
|
2480AA9C000
|
heap
|
page read and write
|
||
|
17A6D819000
|
heap
|
page read and write
|
||
|
1F43060F000
|
heap
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
2480AA70000
|
heap
|
page read and write
|
||
|
2480DD30000
|
heap
|
page read and write
|
||
|
17A6D823000
|
heap
|
page read and write
|
||
|
19A58220000
|
heap
|
page read and write
|
||
|
21304C60000
|
heap
|
page read and write
|
||
|
17A6D81B000
|
heap
|
page read and write
|
||
|
17A6D7F8000
|
heap
|
page read and write
|
||
|
1F430612000
|
heap
|
page read and write
|
||
|
2480DCE0000
|
heap
|
page read and write
|
||
|
2480AA10000
|
heap
|
page read and write
|
||
|
21304EA5000
|
heap
|
page read and write
|
||
|
1F4305E8000
|
heap
|
page read and write
|
||
|
1F430602000
|
heap
|
page read and write
|
||
|
1F430617000
|
heap
|
page read and write
|
||
|
17A6D840000
|
heap
|
page read and write
|
||
|
21304EA0000
|
heap
|
page read and write
|
||
|
43EEA7D000
|
stack
|
page read and write
|
||
|
2480AA94000
|
heap
|
page read and write
|
||
|
21304CFE000
|
heap
|
page read and write
|
||
|
21304CFA000
|
heap
|
page read and write
|
||
|
651DEFC000
|
stack
|
page read and write
|
||
|
2480AA94000
|
heap
|
page read and write
|
||
|
21307FA0000
|
heap
|
page read and write
|
||
|
17A6D81C000
|
heap
|
page read and write
|
||
|
17A70F30000
|
trusted library allocation
|
page read and write
|
||
|
3518FE000
|
stack
|
page read and write
|
||
|
111F000
|
heap
|
page read and write
|
||
|
2480AA9C000
|
heap
|
page read and write
|
||
|
D8372FF000
|
stack
|
page read and write
|
||
|
1CD987E000
|
stack
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
2480AE00000
|
heap
|
page read and write
|
||
|
13F5000
|
heap
|
page read and write
|
||
|
1CD95FA000
|
stack
|
page read and write
|
||
|
213088A0000
|
heap
|
page read and write
|
||
|
21304CF6000
|
heap
|
page read and write
|
||
|
2480DD33000
|
heap
|
page read and write
|
||
|
1F430530000
|
heap
|
page read and write
|
||
|
2480AA20000
|
heap
|
page read and write
|
||
|
1CD99FF000
|
stack
|
page read and write
|
||
|
21304D02000
|
heap
|
page read and write
|
||
|
3515EE000
|
stack
|
page read and write
|
||
|
17A6D82B000
|
heap
|
page read and write
|
||
|
1F430865000
|
heap
|
page read and write
|
||
|
17A6D811000
|
heap
|
page read and write
|
||
|
17A70A90000
|
heap
|
page read and write
|
||
|
2480AAA3000
|
heap
|
page read and write
|
||
|
1F433ED0000
|
trusted library allocation
|
page read and write
|
||
|
17A6D812000
|
heap
|
page read and write
|
||
|
21304CD8000
|
heap
|
page read and write
|
||
|
D836F9E000
|
stack
|
page read and write
|
||
|
21304D0A000
|
heap
|
page read and write
|
||
|
17A6F200000
|
heap
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
2480AE05000
|
heap
|
page read and write
|
||
|
17A70A93000
|
heap
|
page read and write
|
There are 143 hidden memdumps, click here to show them.