Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
360total.dll.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_360_68c96245dd5f839ff441fb79a97a9b35299d069_9cecb875_e8b4a60c-0a4b-406f-b4de-e74f5b66cb69\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_360_f6ce5fb8c554a1c5617cb52ea4bda5a5f52864d1_9cecb875_70d5a318-011b-4b09-9f21-f60ccd1d195e\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6C76.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Apr 25 20:42:56 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6D80.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6DB0.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER93A5.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Apr 25 20:43:06 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9413.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9443.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Custom_update\Update_79066994.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Custom_update\update_data.dat
|
data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\360total.dll.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\360total.dll.dll,CreateObject
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\360total.dll.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\AppData\Roaming\Custom_update\Update_79066994.dll", #1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\360total.dll.dll,homq
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\360total.dll.dll,RegisterInstallTime
|
|
|
|
C:\Windows\System32\cmd.exe
|
/c ipconfig /all
|
|
|
|
C:\Windows\System32\ipconfig.exe
|
ipconfig /all
|
|
|
|
C:\Windows\System32\cmd.exe
|
/c systeminfo
|
|
|
|
C:\Windows\System32\systeminfo.exe
|
systeminfo
|
|
|
|
C:\Windows\System32\cmd.exe
|
/c nltest /domain_trusts
|
|
|
|
C:\Windows\System32\cmd.exe
|
/c nltest /domain_trusts /all_trusts
|
|
|
|
C:\Windows\System32\cmd.exe
|
/c net view /all /domain
|
|
|
|
C:\Windows\System32\net.exe
|
net view /all /domain
|
|
|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\360total.dll.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 5572 -s 452
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 5572 -s 472
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\nltest.exe
|
nltest /domain_trusts
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\nltest.exe
|
nltest /domain_trusts /all_trusts
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 16 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://wrankaget.site/live/
|
|
||
|
https://jarinamaers.shop/
|
unknown
|
|
|
|
https://grizmotras.com/live/
|
172.67.219.28
|
|
|
|
https://jarinamaers.shop/live/
|
172.67.136.103
|
|
|
|
https://jarinamaers.shop/live/dOIDInfo
|
unknown
|
||
|
https://jarinamaers.shop/n
|
unknown
|
||
|
https://jarinamaers.shop/rs
|
unknown
|
||
|
https://jarinamaers.shop/live/&
|
unknown
|
||
|
http://pconf.f.360.cn/safe_update.php
|
unknown
|
||
|
https://jarinamaers.shop/7
|
unknown
|
||
|
https://grizmotras.com/g
|
unknown
|
||
|
ftp://ftp%2desktop.ini
|
unknown
|
||
|
https://jarinamaers.shop/live/4K&
|
unknown
|
||
|
https://grizmotras.com/
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://grizmotras.com/live/U
|
unknown
|
||
|
https://pewwhranet.com/live/
|
unknown
|
||
|
https://grizmotras.com/live/)
|
unknown
|
||
|
http://pscan.f.360.cn/safe_update.php
|
unknown
|
||
|
https://jarinamaers.shop/7-
|
unknown
|
||
|
http://dr.f.360.cn/scanlist
|
unknown
|
||
|
https://grizmotras.com/live/p
|
unknown
|
||
|
http://pscan.f.360.cn/safe_update.phphttp://pconf.f.360.cn/safe_update.phphttp://sconf.f.360.cn/clie
|
unknown
|
||
|
http://sconf.f.360.cn/client_security_conf
|
unknown
|
||
|
http://dr.f.360.cn/scan
|
unknown
|
||
|
https://grizmotras.com/live/URLS1https://pewwhranet.com/live/COMMAND4front://sysinfo.bin
|
unknown
|
There are 16 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jarinamaers.shop
|
172.67.136.103
|
|
|
|
grizmotras.com
|
172.67.219.28
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.67.136.103
|
jarinamaers.shop
|
United States
|
|
|
|
172.67.219.28
|
grizmotras.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{fdb6005e-7f1c-71d7-62ac-3f3748211696}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{fdb6005e-7f1c-71d7-62ac-3f3748211696}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{fdb6005e-7f1c-71d7-62ac-3f3748211696}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{fdb6005e-7f1c-71d7-62ac-3f3748211696}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{fdb6005e-7f1c-71d7-62ac-3f3748211696}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{fdb6005e-7f1c-71d7-62ac-3f3748211696}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
OriginalFileName
|
||
|
\REGISTRY\A\{fdb6005e-7f1c-71d7-62ac-3f3748211696}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{fdb6005e-7f1c-71d7-62ac-3f3748211696}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{fdb6005e-7f1c-71d7-62ac-3f3748211696}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{fdb6005e-7f1c-71d7-62ac-3f3748211696}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{fdb6005e-7f1c-71d7-62ac-3f3748211696}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{fdb6005e-7f1c-71d7-62ac-3f3748211696}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{fdb6005e-7f1c-71d7-62ac-3f3748211696}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{fdb6005e-7f1c-71d7-62ac-3f3748211696}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{fdb6005e-7f1c-71d7-62ac-3f3748211696}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{fdb6005e-7f1c-71d7-62ac-3f3748211696}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{fdb6005e-7f1c-71d7-62ac-3f3748211696}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{fdb6005e-7f1c-71d7-62ac-3f3748211696}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{fdb6005e-7f1c-71d7-62ac-3f3748211696}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
\REGISTRY\A\{fdb6005e-7f1c-71d7-62ac-3f3748211696}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000F00DF6E8B
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\system32\mlang.dll,-4387
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%SystemRoot%\system32\mlang.dll,-4407
|
There are 16 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
22380120000
|
direct allocation
|
page read and write
|
|
|
|
20342FE0000
|
direct allocation
|
page read and write
|
|
|
|
203431C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
22381EB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
A88ED78000
|
stack
|
page read and write
|
|
|
|
22380230000
|
direct allocation
|
page execute and read and write
|
|
|
|
26C61E20000
|
direct allocation
|
page execute and read and write
|
|
|
|
22380130000
|
direct allocation
|
page execute and read and write
|
|
|
|
22380230000
|
direct allocation
|
page execute and read and write
|
|
|
|
22381EB0000
|
direct allocation
|
page execute and read and write
|
|
|
|
26C61E10000
|
direct allocation
|
page read and write
|
|
|
|
22380230000
|
direct allocation
|
page execute and read and write
|
|
|
|
22380180000
|
trusted library allocation
|
page read and write
|
||
|
1BF15D64000
|
heap
|
page read and write
|
||
|
85B0BFE000
|
stack
|
page read and write
|
||
|
2673EE70000
|
heap
|
page read and write
|
||
|
20343300000
|
trusted library allocation
|
page read and write
|
||
|
19A2FC70000
|
heap
|
page read and write
|
||
|
20342FF0000
|
heap
|
page read and write
|
||
|
22381B40000
|
direct allocation
|
page execute and read and write
|
||
|
21E82425000
|
heap
|
page read and write
|
||
|
214A3C90000
|
heap
|
page read and write
|
||
|
241B2250000
|
heap
|
page read and write
|
||
|
21E823E5000
|
heap
|
page read and write
|
||
|
215C28F0000
|
heap
|
page read and write
|
||
|
83689FF000
|
stack
|
page read and write
|
||
|
223FFF27000
|
heap
|
page read and write
|
||
|
241B2270000
|
heap
|
page read and write
|
||
|
241B22DA000
|
heap
|
page read and write
|
||
|
22381B40000
|
direct allocation
|
page execute and read and write
|
||
|
F8949FF000
|
unkown
|
page read and write
|
||
|
21E82418000
|
heap
|
page read and write
|
||
|
223FFF60000
|
heap
|
page read and write
|
||
|
15B5FDD000
|
stack
|
page read and write
|
||
|
1BF15D6C000
|
heap
|
page read and write
|
||
|
241B22E6000
|
heap
|
page read and write
|
||
|
21E8240A000
|
heap
|
page read and write
|
||
|
1BF15D71000
|
heap
|
page read and write
|
||
|
1AFCBF10000
|
heap
|
page read and write
|
||
|
20344B70000
|
direct allocation
|
page execute and read and write
|
||
|
223FFF60000
|
heap
|
page read and write
|
||
|
F3B9AFB000
|
stack
|
page read and write
|
||
|
21E82403000
|
heap
|
page read and write
|
||
|
20344C00000
|
direct allocation
|
page execute and read and write
|
||
|
26C61C90000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
241B2525000
|
heap
|
page read and write
|
||
|
6F27B0F000
|
stack
|
page read and write
|
||
|
1BF15D61000
|
heap
|
page read and write
|
||
|
214A3BE0000
|
heap
|
page read and write
|
||
|
22382090000
|
direct allocation
|
page execute and read and write
|
||
|
22381EA0000
|
direct allocation
|
page execute and read and write
|
||
|
223FFF23000
|
heap
|
page read and write
|
||
|
2673EBC0000
|
heap
|
page read and write
|
||
|
2F8657E000
|
stack
|
page read and write
|
||
|
15B627E000
|
stack
|
page read and write
|
||
|
2673EBF0000
|
heap
|
page read and write
|
||
|
19A2FA20000
|
heap
|
page read and write
|
||
|
A88E9CC000
|
stack
|
page read and write
|
||
|
21E82403000
|
heap
|
page read and write
|
||
|
20343315000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
22547B90000
|
heap
|
page read and write
|
||
|
20344C20000
|
direct allocation
|
page execute and read and write
|
||
|
180086000
|
unkown
|
page readonly
|
||
|
665C11F000
|
stack
|
page read and write
|
||
|
70D6B2C000
|
stack
|
page read and write
|
||
|
12D40978000
|
heap
|
page read and write
|
||
|
F894AFF000
|
stack
|
page read and write
|
||
|
1AFCBFC9000
|
heap
|
page read and write
|
||
|
12D40970000
|
heap
|
page read and write
|
||
|
22381EC0000
|
direct allocation
|
page execute and read and write
|
||
|
1BF15D64000
|
heap
|
page read and write
|
||
|
223FFE50000
|
heap
|
page read and write
|
||
|
21E82418000
|
heap
|
page read and write
|
||
|
39029FF000
|
stack
|
page read and write
|
||
|
20343300000
|
direct allocation
|
page execute and read and write
|
||
|
12D40CE0000
|
heap
|
page read and write
|
||
|
26C61DB0000
|
heap
|
page read and write
|
||
|
241B22CE000
|
heap
|
page read and write
|
||
|
22381F80000
|
remote allocation
|
page read and write
|
||
|
21E82415000
|
heap
|
page read and write
|
||
|
21E823E6000
|
heap
|
page read and write
|
||
|
21E82403000
|
heap
|
page read and write
|
||
|
223801C0000
|
heap
|
page read and write
|
||
|
D39117C000
|
stack
|
page read and write
|
||
|
1800C6000
|
unkown
|
page write copy
|
||
|
215C2980000
|
heap
|
page read and write
|
||
|
21E82415000
|
heap
|
page read and write
|
||
|
1AFCC370000
|
heap
|
page read and write
|
||
|
214A39E0000
|
heap
|
page read and write
|
||
|
241B22F8000
|
heap
|
page read and write
|
||
|
180086000
|
unkown
|
page readonly
|
||
|
1BF19113000
|
heap
|
page read and write
|
||
|
1AFCBFC0000
|
heap
|
page read and write
|
||
|
7A78A7E000
|
stack
|
page read and write
|
||
|
390255C000
|
stack
|
page read and write
|
||
|
223FFF5D000
|
heap
|
page read and write
|
||
|
21E8240A000
|
heap
|
page read and write
|
||
|
6F27A8C000
|
stack
|
page read and write
|
||
|
1BF15D6B000
|
heap
|
page read and write
|
||
|
2673EC43000
|
heap
|
page read and write
|
||
|
223FFF66000
|
heap
|
page read and write
|
||
|
85B0A7C000
|
stack
|
page read and write
|
||
|
241B22E0000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
26C61E85000
|
heap
|
page read and write
|
||
|
20344C60000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
223FFF5D000
|
heap
|
page read and write
|
||
|
223FFF5D000
|
heap
|
page read and write
|
||
|
21E82414000
|
heap
|
page read and write
|
||
|
202B1E4D000
|
heap
|
page read and write
|
||
|
1AAA0650000
|
heap
|
page read and write
|
||
|
21E8240D000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
A88EDFF000
|
stack
|
page read and write
|
||
|
2872CFF000
|
stack
|
page read and write
|
||
|
214A3A38000
|
heap
|
page read and write
|
||
|
12D40B60000
|
heap
|
page read and write
|
||
|
2872AFB000
|
stack
|
page read and write
|
||
|
18016C000
|
unkown
|
page readonly
|
||
|
F3B9BFE000
|
unkown
|
page read and write
|
||
|
1BF15D64000
|
heap
|
page read and write
|
||
|
1AAA06A7000
|
heap
|
page read and write
|
||
|
1BF15D5F000
|
heap
|
page read and write
|
||
|
70D6BAE000
|
stack
|
page read and write
|
||
|
21E82425000
|
heap
|
page read and write
|
||
|
12D40B80000
|
heap
|
page read and write
|
||
|
214A3A1D000
|
heap
|
page read and write
|
||
|
22380230000
|
direct allocation
|
page execute and read and write
|
||
|
19A2FA50000
|
heap
|
page read and write
|
||
|
7A7874E000
|
stack
|
page read and write
|
||
|
20344BA0000
|
direct allocation
|
page execute and read and write
|
||
|
2872BFF000
|
unkown
|
page read and write
|
||
|
1BF19070000
|
heap
|
page read and write
|
||
|
A88EE7E000
|
stack
|
page read and write
|
||
|
21E8241F000
|
heap
|
page read and write
|
||
|
21E82411000
|
heap
|
page read and write
|
||
|
223FFEEA000
|
heap
|
page read and write
|
||
|
20344AC0000
|
trusted library allocation
|
page read and write
|
||
|
19A2FB50000
|
heap
|
page read and write
|
||
|
21E8240F000
|
heap
|
page read and write
|
||
|
1800C6000
|
unkown
|
page write copy
|
||
|
223FFF18000
|
heap
|
page read and write
|
||
|
215C2900000
|
heap
|
page read and write
|
||
|
26C61C98000
|
heap
|
page read and write
|
||
|
21E822F0000
|
heap
|
page read and write
|
||
|
1BF15D5C000
|
heap
|
page read and write
|
||
|
20344AC0000
|
trusted library allocation
|
page read and write
|
||
|
22380180000
|
trusted library allocation
|
page read and write
|
||
|
202B2060000
|
heap
|
page read and write
|
||
|
22381B40000
|
direct allocation
|
page execute and read and write
|
||
|
215C298B000
|
heap
|
page read and write
|
||
|
21E823E4000
|
heap
|
page read and write
|
||
|
A88EFFB000
|
stack
|
page read and write
|
||
|
1BF15C90000
|
heap
|
page read and write
|
||
|
7A787CE000
|
stack
|
page read and write
|
||
|
22381EC0000
|
direct allocation
|
page execute and read and write
|
||
|
215C2C10000
|
heap
|
page read and write
|
||
|
215C298D000
|
heap
|
page read and write
|
||
|
1BF15D65000
|
heap
|
page read and write
|
||
|
214A3A10000
|
heap
|
page read and write
|
||
|
202B21A0000
|
heap
|
page read and write
|
||
|
223FFF60000
|
heap
|
page read and write
|
||
|
20344B50000
|
direct allocation
|
page execute and read and write
|
||
|
22381F80000
|
remote allocation
|
page read and write
|
||
|
1BF17820000
|
heap
|
page read and write
|
||
|
22381B50000
|
direct allocation
|
page execute and read and write
|
||
|
241B22CA000
|
heap
|
page read and write
|
||
|
20342F60000
|
heap
|
page read and write
|
||
|
223FFF70000
|
heap
|
page read and write
|
||
|
22380260000
|
direct allocation
|
page execute and read and write
|
||
|
214A3A1B000
|
heap
|
page read and write
|
||
|
214A39D0000
|
heap
|
page read and write
|
||
|
7A78B7E000
|
stack
|
page read and write
|
||
|
1AAA0660000
|
heap
|
page read and write
|
||
|
22382110000
|
direct allocation
|
page execute and read and write
|
||
|
22380180000
|
direct allocation
|
page execute and read and write
|
||
|
7A78AFF000
|
stack
|
page read and write
|
||
|
26C61BB0000
|
heap
|
page read and write
|
||
|
241B22D4000
|
heap
|
page read and write
|
||
|
85B0AFE000
|
stack
|
page read and write
|
||
|
223FFED4000
|
heap
|
page read and write
|
||
|
214A3A36000
|
heap
|
page read and write
|
||
|
22547D4D000
|
heap
|
page read and write
|
||
|
1BF15D5C000
|
heap
|
page read and write
|
||
|
22381F9D000
|
heap
|
page read and write
|
||
|
1800C5000
|
unkown
|
page read and write
|
||
|
665C09A000
|
stack
|
page read and write
|
||
|
26C61E80000
|
heap
|
page read and write
|
||
|
2F8647F000
|
stack
|
page read and write
|
||
|
22547C70000
|
heap
|
page read and write
|
||
|
1BF19110000
|
heap
|
page read and write
|
||
|
241B22D0000
|
heap
|
page read and write
|
||
|
223FFED2000
|
heap
|
page read and write
|
||
|
22382120000
|
direct allocation
|
page execute and read and write
|
||
|
21E825D0000
|
heap
|
page read and write
|
||
|
241B252B000
|
heap
|
page read and write
|
||
|
21E821F0000
|
heap
|
page read and write
|
||
|
1AFCBF40000
|
heap
|
page read and write
|
||
|
241B5E60000
|
heap
|
page read and write
|
||
|
829D37E000
|
stack
|
page read and write
|
||
|
21E823EA000
|
heap
|
page read and write
|
||
|
223FFE40000
|
heap
|
page read and write
|
||
|
223FFF60000
|
heap
|
page read and write
|
||
|
202B1E40000
|
heap
|
page read and write
|
||
|
2673EC2B000
|
heap
|
page read and write
|
||
|
241B22F0000
|
heap
|
page read and write
|
||
|
A88F07F000
|
stack
|
page read and write
|
||
|
19A2F940000
|
heap
|
page read and write
|
||
|
21E823F3000
|
heap
|
page read and write
|
||
|
20344C70000
|
direct allocation
|
page execute and read and write
|
||
|
202B2020000
|
heap
|
page read and write
|
||
|
1800C6000
|
unkown
|
page write copy
|
||
|
21E82415000
|
heap
|
page read and write
|
||
|
22547D49000
|
heap
|
page read and write
|
||
|
1AFCC375000
|
heap
|
page read and write
|
||
|
21E825D5000
|
heap
|
page read and write
|
||
|
D3915FF000
|
stack
|
page read and write
|
||
|
21E82412000
|
heap
|
page read and write
|
||
|
22381F80000
|
remote allocation
|
page read and write
|
||
|
1AAA06A0000
|
heap
|
page read and write
|
||
|
19A2FC60000
|
heap
|
page read and write
|
||
|
829D2FE000
|
stack
|
page read and write
|
||
|
223FFF2E000
|
heap
|
page read and write
|
||
|
1BF15D89000
|
heap
|
page read and write
|
||
|
223FFF33000
|
heap
|
page read and write
|
||
|
1BF15D58000
|
heap
|
page read and write
|
||
|
241B22CA000
|
heap
|
page read and write
|
||
|
223FFE80000
|
heap
|
page read and write
|
||
|
22382130000
|
direct allocation
|
page execute and read and write
|
||
|
2F864FE000
|
stack
|
page read and write
|
||
|
20344B50000
|
direct allocation
|
page execute and read and write
|
||
|
20342FF8000
|
heap
|
page read and write
|
||
|
215C2920000
|
heap
|
page read and write
|
||
|
15B637E000
|
stack
|
page read and write
|
||
|
223FFF70000
|
heap
|
page read and write
|
||
|
1AAA09C0000
|
heap
|
page read and write
|
||
|
1BF15D64000
|
heap
|
page read and write
|
||
|
22380180000
|
trusted library allocation
|
page read and write
|
||
|
26C637F0000
|
heap
|
page read and write
|
||
|
19A2FA5D000
|
heap
|
page read and write
|
||
|
241B2520000
|
heap
|
page read and write
|
||
|
85B0B7E000
|
stack
|
page read and write
|
||
|
223801A0000
|
direct allocation
|
page execute and read and write
|
||
|
12D40A80000
|
heap
|
page read and write
|
||
|
20344B80000
|
direct allocation
|
page execute and read and write
|
||
|
1AAA0680000
|
heap
|
page read and write
|
||
|
21E82403000
|
heap
|
page read and write
|
||
|
70D6E7E000
|
stack
|
page read and write
|
||
|
20344BE0000
|
direct allocation
|
page execute and read and write
|
||
|
223820D0000
|
direct allocation
|
page execute and read and write
|
||
|
20342F80000
|
heap
|
page read and write
|
||
|
223FFF66000
|
heap
|
page read and write
|
||
|
223FFE88000
|
heap
|
page read and write
|
||
|
83688FE000
|
stack
|
page read and write
|
||
|
21E8240A000
|
heap
|
page read and write
|
||
|
20342FFE000
|
heap
|
page read and write
|
||
|
18016C000
|
unkown
|
page readonly
|
||
|
1BF19560000
|
trusted library allocation
|
page read and write
|
||
|
2673EC2D000
|
heap
|
page read and write
|
||
|
1AFCBF20000
|
heap
|
page read and write
|
||
|
22547D40000
|
heap
|
page read and write
|
||
|
21E82419000
|
heap
|
page read and write
|
||
|
1800C5000
|
unkown
|
page read and write
|
||
|
829D27E000
|
stack
|
page read and write
|
||
|
241B24F3000
|
heap
|
page read and write
|
||
|
665C19F000
|
stack
|
page read and write
|
||
|
22381B40000
|
direct allocation
|
page execute and read and write
|
||
|
7A786CB000
|
stack
|
page read and write
|
||
|
21E823C9000
|
heap
|
page read and write
|
||
|
829CFCA000
|
stack
|
page read and write
|
||
|
241B22C7000
|
heap
|
page read and write
|
||
|
15B62FF000
|
stack
|
page read and write
|
||
|
F3B9CFF000
|
stack
|
page read and write
|
||
|
214A3CA0000
|
heap
|
page read and write
|
||
|
241B22DA000
|
heap
|
page read and write
|
||
|
1BF15D6B000
|
heap
|
page read and write
|
||
|
1800C5000
|
unkown
|
page read and write
|
||
|
21E82415000
|
heap
|
page read and write
|
||
|
22381FA8000
|
heap
|
page read and write
|
||
|
22381B50000
|
direct allocation
|
page execute and read and write
|
||
|
18016C000
|
unkown
|
page readonly
|
||
|
1BF15D81000
|
heap
|
page read and write
|
||
|
223FFF66000
|
heap
|
page read and write
|
||
|
214A3A33000
|
heap
|
page read and write
|
||
|
202B1E4B000
|
heap
|
page read and write
|
||
|
241B22DB000
|
heap
|
page read and write
|
||
|
223FFF66000
|
heap
|
page read and write
|
||
|
215C2C20000
|
heap
|
page read and write
|
||
|
21E822D0000
|
heap
|
page read and write
|
||
|
202B1F40000
|
heap
|
page read and write
|
||
|
1AAA09C5000
|
heap
|
page read and write
|
||
|
22380230000
|
direct allocation
|
page execute and read and write
|
||
|
2F8647B000
|
stack
|
page read and write
|
||
|
22382090000
|
direct allocation
|
page execute and read and write
|
||
|
20343310000
|
heap
|
page read and write
|
||
|
241B22B9000
|
heap
|
page read and write
|
||
|
202B1E66000
|
heap
|
page read and write
|
||
|
19A2FA5B000
|
heap
|
page read and write
|
||
|
22382110000
|
direct allocation
|
page execute and read and write
|
||
|
6F27B8F000
|
stack
|
page read and write
|
||
|
F8948FC000
|
stack
|
page read and write
|
||
|
202B2040000
|
heap
|
page read and write
|
||
|
22380290000
|
direct allocation
|
page execute and read and write
|
||
|
A88EC7C000
|
stack
|
page read and write
|
||
|
22382160000
|
direct allocation
|
page execute and read and write
|
||
|
22380250000
|
direct allocation
|
page execute and read and write
|
||
|
22381F90000
|
heap
|
page read and write
|
||
|
1BF16075000
|
heap
|
page read and write
|
||
|
223820D0000
|
direct allocation
|
page execute and read and write
|
||
|
21E8240A000
|
heap
|
page read and write
|
||
|
26C61D90000
|
heap
|
page read and write
|
||
|
A88EEFB000
|
stack
|
page read and write
|
||
|
21E82408000
|
heap
|
page read and write
|
||
|
19A2FA78000
|
heap
|
page read and write
|
||
|
83685CC000
|
stack
|
page read and write
|
||
|
12D40CE5000
|
heap
|
page read and write
|
||
|
1BF15D48000
|
heap
|
page read and write
|
||
|
180086000
|
unkown
|
page readonly
|
||
|
1BF15CC0000
|
heap
|
page read and write
|
||
|
21E823F5000
|
heap
|
page read and write
|
||
|
241B24F0000
|
heap
|
page read and write
|
||
|
21E823E4000
|
heap
|
page read and write
|
||
|
223802A5000
|
heap
|
page read and write
|
||
|
241B5660000
|
trusted library allocation
|
page read and write
|
||
|
1BF15D40000
|
heap
|
page read and write
|
||
|
1BF15CA0000
|
heap
|
page read and write
|
||
|
223FFED9000
|
heap
|
page read and write
|
||
|
21E823C0000
|
heap
|
page read and write
|
||
|
223FFF70000
|
heap
|
page read and write
|
||
|
D3914FF000
|
unkown
|
page read and write
|
||
|
223FFF1C000
|
heap
|
page read and write
|
||
|
223800D0000
|
heap
|
page read and write
|
||
|
223FFF2B000
|
heap
|
page read and write
|
||
|
A88EF7F000
|
stack
|
page read and write
|
||
|
21E8240A000
|
heap
|
page read and write
|
||
|
19A2FA73000
|
heap
|
page read and write
|
||
|
202B1E63000
|
heap
|
page read and write
|
||
|
20344BC0000
|
direct allocation
|
page execute and read and write
|
||
|
22547D58000
|
heap
|
page read and write
|
||
|
241B22B0000
|
heap
|
page read and write
|
||
|
223802A0000
|
heap
|
page read and write
|
||
|
1BF15D65000
|
heap
|
page read and write
|
||
|
241B24C0000
|
heap
|
page read and write
|
||
|
241B2240000
|
heap
|
page read and write
|
||
|
1BF16070000
|
heap
|
page read and write
|
||
|
20343300000
|
trusted library allocation
|
page read and write
|
||
|
1BF1607B000
|
heap
|
page read and write
|
||
|
2673EBD0000
|
heap
|
page read and write
|
||
|
241B22D4000
|
heap
|
page read and write
|
||
|
2673EC20000
|
heap
|
page read and write
|
||
|
20342F50000
|
heap
|
page read and write
|
||
|
223FFF70000
|
heap
|
page read and write
|
||
|
21E823EA000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
26C61E32000
|
direct allocation
|
page execute and read and write
|
||
|
223FFF5D000
|
heap
|
page read and write
|
||
|
39028FF000
|
unkown
|
page read and write
|
||
|
22380180000
|
trusted library allocation
|
page read and write
|
||
|
2673EE60000
|
heap
|
page read and write
|
||
|
1BF15D75000
|
heap
|
page read and write
|
||
|
215C29A2000
|
heap
|
page read and write
|
||
|
22381FA5000
|
heap
|
page read and write
|
There are 355 hidden memdumps, click here to show them.