Files
File Path | Type | Category | Malicious |
---|---|---|---|
badata_x64.dll.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | initial sample | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll64.exe_33699c824f9c2edcea33082e96eb61413f0e629_606702e6_93a04a0f-f5a5-4238-8707-8e68348ea6b1\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_bad_20b35f4e9e7e4ee7dfdaf2f7e2bfa18e82db71be_2631c2b9_7d75c075-c21f-4abb-b272-410a49a270ad\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_bad_20b35f4e9e7e4ee7dfdaf2f7e2bfa18e82db71be_2631c2b9_89437b38-9572-46da-9fa9-bdab69a1f727\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_bad_20b35f4e9e7e4ee7dfdaf2f7e2bfa18e82db71be_2631c2b9_95596a0f-33ed-48ac-9d1b-a100d67c7c53\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_bad_20b35f4e9e7e4ee7dfdaf2f7e2bfa18e82db71be_2631c2b9_fb8576ae-1f92-4593-b2a8-4ec6080766d6\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_bad_31793adb08f1679e480d49537b44d5657e0eb9d_2631c2b9_53cea94a-5e5d-4b98-9d19-9416f69297f1\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_bad_31793adb08f1679e480d49537b44d5657e0eb9d_2631c2b9_95798867-7b70-41f8-99c5-d59a644d3dc3\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_bad_31793adb08f1679e480d49537b44d5657e0eb9d_2631c2b9_ea3eaa38-4707-4dc2-90ab-b2db92566c5c\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_bad_31793adb08f1679e480d49537b44d5657e0eb9d_2631c2b9_ebf9c3e4-6606-465a-a0ee-a6f73001d978\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9AF9.tmp.dmp | Mini DuMP crash report, 14 streams, Sat May 4 11:53:05 2024, 0x1205a4 type | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9B09.tmp.dmp | Mini DuMP crash report, 14 streams, Sat May 4 11:53:05 2024, 0x1205a4 type | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9C04.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9C24.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9C82.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9CB2.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA682.tmp.dmp | Mini DuMP crash report, 14 streams, Sat May 4 11:53:08 2024, 0x1205a4 type | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA897.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA8D6.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB400.tmp.dmp | Mini DuMP crash report, 14 streams, Sat May 4 11:53:11 2024, 0x1205a4 type | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB4AC.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB4EC.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBE7F.tmp.dmp | Mini DuMP crash report, 15 streams, Sat May 4 11:53:14 2024, 0x1205a4 type | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBF0D.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBF5C.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC3FD.tmp.dmp | Mini DuMP crash report, 15 streams, Sat May 4 11:53:15 2024, 0x1205a4 type | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC4D9.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCA29.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE457.tmp.dmp | Mini DuMP crash report, 15 streams, Sat May 4 11:53:23 2024, 0x1205a4 type | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE4D5.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE524.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREFEF.tmp.dmp | Mini DuMP crash report, 15 streams, Sat May 4 11:53:26 2024, 0x1205a4 type | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF03E.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF06E.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFEB5.tmp.dmp | Mini DuMP crash report, 15 streams, Sat May 4 11:53:30 2024, 0x1205a4 type | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFF04.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFF53.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | |
Processes
Path | Cmdline | Malicious |
---|---|---|
C:\Windows\System32\loaddll64.exe | loaddll64.exe "C:\Users\user\Desktop\badata_x64.dll.dll" | |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
C:\Windows\System32\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\badata_x64.dll.dll",#1 | |
C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\badata_x64.dll.dll,Abort | |
C:\Windows\System32\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\badata_x64.dll.dll",#1 | |
C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 6504 -s 528 | |
C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 6600 -s 536 | |
C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\badata_x64.dll.dll,AddBurnDevice | |
C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 5572 -s 528 | |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(79)/ | |
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 --field-trial-handle=2036,i,18134803902397787512,7146960864463359065,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\badata_x64.dll.dll,AddDir | |
C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 7512 -s 528 | |
C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 6244 -s 588 | |
C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 6600 -s 384 | |
C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 7512 -s 656 | |
C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 6504 -s 600 | |
C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 5572 -s 604 | |
URLs
Name | IP | Malicious |
---|---|---|
http://upx.sf.net | unknown | |
Domains
Name | IP | Malicious |
---|---|---|
google.com | 142.250.189.14 | |
www.google.com | 142.250.217.132 | |
IPs
IP | Domain | Country | Malicious |
---|---|---|---|
142.250.217.132 | www.google.com | United States | |
239.255.255.250 | unknown | Reserved | |
192.168.2.4 | unknown | unknown | |
Registry
Path | Value | Malicious |
---|---|---|
\REGISTRY\A\{2932a8d5-e094-e458-8c00-1b76c8b94007}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | ProgramId | |
\REGISTRY\A\{2932a8d5-e094-e458-8c00-1b76c8b94007}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | FileId | |
\REGISTRY\A\{2932a8d5-e094-e458-8c00-1b76c8b94007}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | LowerCaseLongPath | |
\REGISTRY\A\{2932a8d5-e094-e458-8c00-1b76c8b94007}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | LongPathHash | |
\REGISTRY\A\{2932a8d5-e094-e458-8c00-1b76c8b94007}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Name | |
\REGISTRY\A\{2932a8d5-e094-e458-8c00-1b76c8b94007}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | OriginalFileName | |
\REGISTRY\A\{2932a8d5-e094-e458-8c00-1b76c8b94007}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Publisher | |
\REGISTRY\A\{2932a8d5-e094-e458-8c00-1b76c8b94007}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Version | |
\REGISTRY\A\{2932a8d5-e094-e458-8c00-1b76c8b94007}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | BinFileVersion | |
\REGISTRY\A\{2932a8d5-e094-e458-8c00-1b76c8b94007}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | BinaryType | |
\REGISTRY\A\{2932a8d5-e094-e458-8c00-1b76c8b94007}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | ProductName | |
\REGISTRY\A\{2932a8d5-e094-e458-8c00-1b76c8b94007}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | ProductVersion | |
\REGISTRY\A\{2932a8d5-e094-e458-8c00-1b76c8b94007}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | LinkDate | |
\REGISTRY\A\{2932a8d5-e094-e458-8c00-1b76c8b94007}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | BinProductVersion | |
\REGISTRY\A\{2932a8d5-e094-e458-8c00-1b76c8b94007}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | AppxPackageFullName | |
\REGISTRY\A\{2932a8d5-e094-e458-8c00-1b76c8b94007}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | AppxPackageRelativeId | |
\REGISTRY\A\{2932a8d5-e094-e458-8c00-1b76c8b94007}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Size | |
\REGISTRY\A\{2932a8d5-e094-e458-8c00-1b76c8b94007}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Language | |
\REGISTRY\A\{2932a8d5-e094-e458-8c00-1b76c8b94007}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | IsOsComponent | |
\REGISTRY\A\{2932a8d5-e094-e458-8c00-1b76c8b94007}\Root\InventoryApplicationFile\rundll32.exe\|c8d854bf61fafc41 | Usn | |
\REGISTRY\A\{7f287f42-713a-e01c-77c1-312687845741}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | ProgramId | |
\REGISTRY\A\{7f287f42-713a-e01c-77c1-312687845741}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | FileId | |
\REGISTRY\A\{7f287f42-713a-e01c-77c1-312687845741}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | LowerCaseLongPath | |
\REGISTRY\A\{7f287f42-713a-e01c-77c1-312687845741}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | LongPathHash | |
\REGISTRY\A\{7f287f42-713a-e01c-77c1-312687845741}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | Name | |
\REGISTRY\A\{7f287f42-713a-e01c-77c1-312687845741}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | OriginalFileName | |
\REGISTRY\A\{7f287f42-713a-e01c-77c1-312687845741}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | Publisher | |
\REGISTRY\A\{7f287f42-713a-e01c-77c1-312687845741}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | Version | |
\REGISTRY\A\{7f287f42-713a-e01c-77c1-312687845741}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | BinFileVersion | |
\REGISTRY\A\{7f287f42-713a-e01c-77c1-312687845741}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | BinaryType | |
\REGISTRY\A\{7f287f42-713a-e01c-77c1-312687845741}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | ProductName | |
\REGISTRY\A\{7f287f42-713a-e01c-77c1-312687845741}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | ProductVersion | |
\REGISTRY\A\{7f287f42-713a-e01c-77c1-312687845741}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | LinkDate | |
\REGISTRY\A\{7f287f42-713a-e01c-77c1-312687845741}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | BinProductVersion | |
\REGISTRY\A\{7f287f42-713a-e01c-77c1-312687845741}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | AppxPackageFullName | |
\REGISTRY\A\{7f287f42-713a-e01c-77c1-312687845741}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | AppxPackageRelativeId | |
\REGISTRY\A\{7f287f42-713a-e01c-77c1-312687845741}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | Size | |
\REGISTRY\A\{7f287f42-713a-e01c-77c1-312687845741}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | Language | |
\REGISTRY\A\{7f287f42-713a-e01c-77c1-312687845741}\Root\InventoryApplicationFile\loaddll64.exe\|f3d72086358f9008 | Usn | |
Memdumps