Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
3j6e3XaMWM.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage user DataBase, version 0x620, checksum 0x495d275e, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_3j6_fba2cce65653fd470a47b32105056b8d0cbec86_8bb0f05f_08946e59\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDCD7.tmp.dmp
|
Mini DuMP crash report, 15 streams, Sat May 14 11:44:53 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDFC6.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE18C.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE245.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE4C7.tmp.txt
|
data
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\3j6e3XaMWM.dll
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\3j6e3XaMWM.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\3j6e3XaMWM.dll,DllRegisterServer
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\3j6e3XaMWM.dll,DllUnregisterServer
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\THydtigNYD\IHlj.dll"
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\3j6e3XaMWM.dll"
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\3j6e3XaMWM.dll",#1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k WerSvcGroup
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -pss -s 468 -p 4308 -ip 4308
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 4308 -s 328
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
There are 6 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://23.239.0.12/
|
23.239.0.12
|
|
|
|
http://crl.ver)
|
unknown
|
||
|
http://schemas.xmlsoap.o
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
23.239.0.12
|
unknown
|
United States
|
|
|
|
192.168.2.1
|
unknown
|
unknown
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\ci.dll,-100
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\ci.dll,-101
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\system32\dnsapi.dll,-103
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-843
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-844
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
|
||
|
HKEY_USERSS-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
|
@%SystemRoot%\system32\NgcRecovery.dll,-100
|
||
|
\REGISTRY\A\{a41d64f6-1f13-a828-b12a-8a93160e0d61}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProgramId
|
||
|
\REGISTRY\A\{a41d64f6-1f13-a828-b12a-8a93160e0d61}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
FileId
|
||
|
\REGISTRY\A\{a41d64f6-1f13-a828-b12a-8a93160e0d61}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{a41d64f6-1f13-a828-b12a-8a93160e0d61}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LongPathHash
|
||
|
\REGISTRY\A\{a41d64f6-1f13-a828-b12a-8a93160e0d61}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Name
|
||
|
\REGISTRY\A\{a41d64f6-1f13-a828-b12a-8a93160e0d61}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Publisher
|
||
|
\REGISTRY\A\{a41d64f6-1f13-a828-b12a-8a93160e0d61}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Version
|
||
|
\REGISTRY\A\{a41d64f6-1f13-a828-b12a-8a93160e0d61}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinFileVersion
|
||
|
\REGISTRY\A\{a41d64f6-1f13-a828-b12a-8a93160e0d61}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinaryType
|
||
|
\REGISTRY\A\{a41d64f6-1f13-a828-b12a-8a93160e0d61}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductName
|
||
|
\REGISTRY\A\{a41d64f6-1f13-a828-b12a-8a93160e0d61}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
ProductVersion
|
||
|
\REGISTRY\A\{a41d64f6-1f13-a828-b12a-8a93160e0d61}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
LinkDate
|
||
|
\REGISTRY\A\{a41d64f6-1f13-a828-b12a-8a93160e0d61}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
BinProductVersion
|
||
|
\REGISTRY\A\{a41d64f6-1f13-a828-b12a-8a93160e0d61}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Size
|
||
|
\REGISTRY\A\{a41d64f6-1f13-a828-b12a-8a93160e0d61}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
Language
|
||
|
\REGISTRY\A\{a41d64f6-1f13-a828-b12a-8a93160e0d61}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsPeFile
|
||
|
\REGISTRY\A\{a41d64f6-1f13-a828-b12a-8a93160e0d61}\Root\InventoryApplicationFile\rundll32.exe|c8d854bf61fafc41
|
IsOsComponent
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
There are 17 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
22E50210000
|
direct allocation
|
page execute and read and write
|
|
|
|
2C50000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
22E50210000
|
direct allocation
|
page execute and read and write
|
|
|
|
1B484850000
|
direct allocation
|
page execute and read and write
|
|
|
|
22E50210000
|
direct allocation
|
page execute and read and write
|
|
|
|
209E1550000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
8D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
180001000
|
direct allocation
|
page execute read
|
|
|
|
7FB017B000
|
stack
|
page read and write
|
||
|
21E33C91000
|
heap
|
page read and write
|
||
|
20683A13000
|
heap
|
page read and write
|
||
|
237F7908000
|
heap
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
20689410000
|
trusted library allocation
|
page read and write
|
||
|
2294D180000
|
heap
|
page read and write
|
||
|
2294D275000
|
heap
|
page read and write
|
||
|
1EA6F502000
|
heap
|
page read and write
|
||
|
20683A69000
|
heap
|
page read and write
|
||
|
8C7367B000
|
stack
|
page read and write
|
||
|
657F1F9000
|
stack
|
page read and write
|
||
|
20683A00000
|
heap
|
page read and write
|
||
|
1D59DE3C000
|
heap
|
page read and write
|
||
|
BD5000
|
heap
|
page read and write
|
||
|
20689400000
|
trusted library allocation
|
page read and write
|
||
|
22E50000000
|
heap
|
page read and write
|
||
|
27A4B428000
|
heap
|
page read and write
|
||
|
1B482EC3000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
1D59E75D000
|
heap
|
page read and write
|
||
|
206890A2000
|
heap
|
page read and write
|
||
|
15469CF000
|
stack
|
page read and write
|
||
|
22E502B0000
|
heap
|
page read and write
|
||
|
27A4B400000
|
unkown
|
page read and write
|
||
|
20684AE0000
|
trusted library section
|
page readonly
|
||
|
1D59EB50000
|
remote allocation
|
page read and write
|
||
|
7FFF2E061000
|
unkown
|
page execute read
|
||
|
2D20000
|
trusted library allocation
|
page read and write
|
||
|
1D59DE4E000
|
heap
|
page read and write
|
||
|
7FFF2E0B6000
|
unkown
|
page read and write
|
||
|
9CEA27E000
|
stack
|
page read and write
|
||
|
9CE98EB000
|
stack
|
page read and write
|
||
|
21C3F57D000
|
heap
|
page read and write
|
||
|
20689321000
|
trusted library allocation
|
page read and write
|
||
|
657E33B000
|
stack
|
page read and write
|
||
|
E4067C000
|
stack
|
page read and write
|
||
|
137D000
|
heap
|
page read and write
|
||
|
7FFF2E061000
|
unkown
|
page execute read
|
||
|
206839F3000
|
trusted library allocation
|
page read and write
|
||
|
20684559000
|
heap
|
page read and write
|
||
|
20516463000
|
heap
|
page read and write
|
||
|
209E15B4000
|
heap
|
page read and write
|
||
|
CFF487E000
|
stack
|
page read and write
|
||
|
237F7902000
|
heap
|
page read and write
|
||
|
7FFF2E0B6000
|
unkown
|
page read and write
|
||
|
7FFF2E061000
|
unkown
|
page execute read
|
||
|
1D59DE47000
|
heap
|
page read and write
|
||
|
22E51C54000
|
heap
|
page read and write
|
||
|
1EA6F487000
|
heap
|
page read and write
|
||
|
1381000
|
heap
|
page read and write
|
||
|
21E33F20000
|
heap
|
page read and write
|
||
|
20684518000
|
heap
|
page read and write
|
||
|
62D867D000
|
stack
|
page read and write
|
||
|
20684518000
|
heap
|
page read and write
|
||
|
237F789B000
|
heap
|
page read and write
|
||
|
E405FE000
|
stack
|
page read and write
|
||
|
7FFF2E0B2000
|
unkown
|
page readonly
|
||
|
20689061000
|
heap
|
page read and write
|
||
|
62D89F7000
|
stack
|
page read and write
|
||
|
12E4000
|
heap
|
page read and write
|
||
|
2294D190000
|
heap
|
page read and write
|
||
|
1D59DE29000
|
heap
|
page read and write
|
||
|
20689450000
|
remote allocation
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
27A4B613000
|
heap
|
page read and write
|
||
|
CFF49FF000
|
stack
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
22E4FFA0000
|
heap
|
page read and write
|
||
|
1D59DEEC000
|
heap
|
page read and write
|
||
|
20684B10000
|
trusted library section
|
page readonly
|
||
|
2294D302000
|
heap
|
page read and write
|
||
|
7FFF2E0B9000
|
unkown
|
page readonly
|
||
|
20516320000
|
heap
|
page read and write
|
||
|
20683A5F000
|
heap
|
page read and write
|
||
|
21E34BC0000
|
trusted library allocation
|
page read and write
|
||
|
1B482ED4000
|
heap
|
page read and write
|
||
|
1D59DC50000
|
heap
|
page read and write
|
||
|
209E1580000
|
heap
|
page readonly
|
||
|
21E33D60000
|
heap
|
page read and write
|
||
|
136A000
|
heap
|
page read and write
|
||
|
21E33B10000
|
trusted library allocation
|
page read and write
|
||
|
7FFF2E0B2000
|
unkown
|
page readonly
|
||
|
209E15B0000
|
heap
|
page read and write
|
||
|
22E50240000
|
heap
|
page readonly
|
||
|
1D59DE4D000
|
heap
|
page read and write
|
||
|
209DFC24000
|
heap
|
page read and write
|
||
|
2051646E000
|
heap
|
page read and write
|
||
|
21C3F57D000
|
heap
|
page read and write
|
||
|
AE2C6ED000
|
stack
|
page read and write
|
||
|
22E502D0000
|
heap
|
page read and write
|
||
|
9CEA07E000
|
stack
|
page read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
237F7913000
|
heap
|
page read and write
|
||
|
20516C02000
|
trusted library allocation
|
page read and write
|
||
|
8A0000
|
heap
|
page readonly
|
||
|
237F7790000
|
trusted library allocation
|
page read and write
|
||
|
237F784B000
|
heap
|
page read and write
|
||
|
E404FF000
|
stack
|
page read and write
|
||
|
22E51C50000
|
heap
|
page read and write
|
||
|
20689015000
|
heap
|
page read and write
|
||
|
130D000
|
heap
|
page read and write
|
||
|
657EEFE000
|
stack
|
page read and write
|
||
|
1B482ED4000
|
heap
|
page read and write
|
||
|
962000
|
heap
|
page read and write
|
||
|
657E97A000
|
stack
|
page read and write
|
||
|
62D837B000
|
stack
|
page read and write
|
||
|
22E502D0000
|
heap
|
page read and write
|
||
|
59B07FE000
|
stack
|
page read and write
|
||
|
194531C8000
|
heap
|
page read and write
|
||
|
62D8BFF000
|
stack
|
page read and write
|
||
|
237F7870000
|
heap
|
page read and write
|
||
|
21E33C87000
|
heap
|
page read and write
|
||
|
20683A8C000
|
heap
|
page read and write
|
||
|
1D59E71B000
|
heap
|
page read and write
|
||
|
21E34C10000
|
trusted library allocation
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
12AA000
|
heap
|
page read and write
|
||
|
7FFF2E0B9000
|
unkown
|
page readonly
|
||
|
27A4B602000
|
heap
|
page read and write
|
||
|
27A4B500000
|
trusted library allocation
|
page read and write
|
||
|
22E502D5000
|
heap
|
page read and write
|
||
|
279E000
|
stack
|
page read and write
|
||
|
1D59DE4B000
|
heap
|
page read and write
|
||
|
2294D259000
|
heap
|
page read and write
|
||
|
20683A93000
|
heap
|
page read and write
|
||
|
22E4FF30000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
289B000
|
stack
|
page read and write
|
||
|
9CE9D7F000
|
stack
|
page read and write
|
||
|
2294D213000
|
heap
|
page read and write
|
||
|
20516502000
|
heap
|
page read and write
|
||
|
237F7854000
|
heap
|
page read and write
|
||
|
209DFB85000
|
heap
|
page read and write
|
||
|
20689300000
|
trusted library allocation
|
page read and write
|
||
|
22E50240000
|
heap
|
page readonly
|
||
|
7FFF2E061000
|
unkown
|
page execute read
|
||
|
1220000
|
remote allocation
|
page read and write
|
||
|
7FFF2E061000
|
unkown
|
page execute read
|
||
|
954DEFF000
|
stack
|
page read and write
|
||
|
1EA6F470000
|
heap
|
page read and write
|
||
|
1B483210000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
281F000
|
stack
|
page read and write
|
||
|
1D59DEB4000
|
heap
|
page read and write
|
||
|
20689430000
|
trusted library allocation
|
page read and write
|
||
|
1EA6F513000
|
heap
|
page read and write
|
||
|
7FFF2E0B2000
|
unkown
|
page readonly
|
||
|
7FFF2E0B9000
|
unkown
|
page readonly
|
||
|
2ECC000
|
stack
|
page read and write
|
||
|
1B484900000
|
heap
|
page read and write
|
||
|
21C3F596000
|
heap
|
page read and write
|
||
|
7FFF2E0B6000
|
unkown
|
page read and write
|
||
|
7FFF2E0B6000
|
unkown
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
62D83FE000
|
stack
|
page read and write
|
||
|
1D59EB50000
|
remote allocation
|
page read and write
|
||
|
954DE7F000
|
stack
|
page read and write
|
||
|
1D59DDB0000
|
trusted library allocation
|
page read and write
|
||
|
209DFC24000
|
heap
|
page read and write
|
||
|
20516BC0000
|
trusted library allocation
|
page read and write
|
||
|
20689300000
|
trusted library allocation
|
page read and write
|
||
|
8C738FF000
|
stack
|
page read and write
|
||
|
22E4FF30000
|
unkown
|
page read and write
|
||
|
8C73AF7000
|
stack
|
page read and write
|
||
|
62D887B000
|
stack
|
page read and write
|
||
|
657ECFE000
|
stack
|
page read and write
|
||
|
1D59E700000
|
heap
|
page read and write
|
||
|
1EA6F43C000
|
heap
|
page read and write
|
||
|
1EA6F452000
|
heap
|
page read and write
|
||
|
21E33B00000
|
heap
|
page read and write
|
||
|
1EA6F44D000
|
heap
|
page read and write
|
||
|
2F10000
|
remote allocation
|
page read and write
|
||
|
657EA7E000
|
stack
|
page read and write
|
||
|
657E778000
|
stack
|
page read and write
|
||
|
22E501E0000
|
heap
|
page read and write
|
||
|
9CE99EE000
|
stack
|
page read and write
|
||
|
237F7900000
|
heap
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
7FFF2E060000
|
unkown
|
page readonly
|
||
|
22E5000B000
|
heap
|
page read and write
|
||
|
27A4B270000
|
heap
|
page read and write
|
||
|
27A4B402000
|
unkown
|
page read and write
|
||
|
CFF4A7F000
|
stack
|
page read and write
|
||
|
1332000
|
heap
|
page read and write
|
||
|
59B05FB000
|
stack
|
page read and write
|
||
|
8C73BFC000
|
stack
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
1EA6F429000
|
heap
|
page read and write
|
||
|
7FFF2E0B6000
|
unkown
|
page read and write
|
||
|
209E1520000
|
heap
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
20684400000
|
heap
|
page read and write
|
||
|
7FFF2E061000
|
unkown
|
page execute read
|
||
|
194531A0000
|
heap
|
page read and write
|
||
|
21E33D40000
|
heap
|
page read and write
|
||
|
22E4FFC0000
|
heap
|
page read and write
|
||
|
4F5000
|
stack
|
page read and write
|
||
|
22E501E0000
|
heap
|
page read and write
|
||
|
20684B30000
|
trusted library section
|
page readonly
|
||
|
7FFF2E061000
|
unkown
|
page execute read
|
||
|
22E502A0000
|
remote allocation
|
page read and write
|
||
|
59B01FE000
|
stack
|
page read and write
|
||
|
1D59DE6A000
|
heap
|
page read and write
|
||
|
2294DA90000
|
trusted library allocation
|
page read and write
|
||
|
1D59DEE1000
|
heap
|
page read and write
|
||
|
2068903D000
|
heap
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
237F784F000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
1D59E602000
|
heap
|
page read and write
|
||
|
22E4FF30000
|
unkown
|
page read and write
|
||
|
27A4B413000
|
unkown
|
page read and write
|
||
|
E4077B000
|
stack
|
page read and write
|
||
|
1600000
|
direct allocation
|
page execute and read and write
|
||
|
20683AFD000
|
heap
|
page read and write
|
||
|
1D59DEFB000
|
heap
|
page read and write
|
||
|
2068904A000
|
heap
|
page read and write
|
||
|
1D59DF02000
|
heap
|
page read and write
|
||
|
20683A67000
|
heap
|
page read and write
|
||
|
209DFC3E000
|
heap
|
page read and write
|
||
|
27A4B502000
|
trusted library allocation
|
page read and write
|
||
|
20689000000
|
heap
|
page read and write
|
||
|
32FD000
|
stack
|
page read and write
|
||
|
9CE9F77000
|
stack
|
page read and write
|
||
|
22E50200000
|
direct allocation
|
page execute and read and write
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
22E5000B000
|
heap
|
page read and write
|
||
|
CFF4979000
|
stack
|
page read and write
|
||
|
21E34940000
|
trusted library allocation
|
page read and write
|
||
|
20688F60000
|
trusted library allocation
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
1D59DEAD000
|
heap
|
page read and write
|
||
|
8C7377D000
|
stack
|
page read and write
|
||
|
1D59DEC7000
|
heap
|
page read and write
|
||
|
21C3F573000
|
heap
|
page read and write
|
||
|
1B482E90000
|
heap
|
page read and write
|
||
|
94B917C000
|
stack
|
page read and write
|
||
|
237F7620000
|
heap
|
page read and write
|
||
|
1D59DCB0000
|
heap
|
page read and write
|
||
|
2C80000
|
heap
|
page readonly
|
||
|
20689324000
|
trusted library allocation
|
page read and write
|
||
|
209DFC0E000
|
heap
|
page read and write
|
||
|
22E502D5000
|
heap
|
page read and write
|
||
|
21C3F58F000
|
heap
|
page read and write
|
||
|
94B907E000
|
stack
|
page read and write
|
||
|
1EA6F47E000
|
heap
|
page read and write
|
||
|
2068930E000
|
trusted library allocation
|
page read and write
|
||
|
226F000
|
stack
|
page read and write
|
||
|
1D59DE48000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
8C739FB000
|
stack
|
page read and write
|
||
|
21C3F550000
|
heap
|
page read and write
|
||
|
206843F0000
|
trusted library allocation
|
page read and write
|
||
|
1D59DEA8000
|
heap
|
page read and write
|
||
|
1EA6F413000
|
heap
|
page read and write
|
||
|
21C3F581000
|
heap
|
page read and write
|
||
|
21E33F29000
|
heap
|
page read and write
|
||
|
22E50200000
|
direct allocation
|
page execute and read and write
|
||
|
2294D270000
|
heap
|
page read and write
|
||
|
9CE9E7A000
|
stack
|
page read and write
|
||
|
1D59DEC0000
|
heap
|
page read and write
|
||
|
1D59E77D000
|
heap
|
page read and write
|
||
|
1D59DEEA000
|
heap
|
page read and write
|
||
|
1D59DE00000
|
heap
|
page read and write
|
||
|
20516413000
|
heap
|
page read and write
|
||
|
94B8B6B000
|
stack
|
page read and write
|
||
|
1D59E75B000
|
heap
|
page read and write
|
||
|
237F7850000
|
heap
|
page read and write
|
||
|
20516500000
|
heap
|
page read and write
|
||
|
21C3F594000
|
heap
|
page read and write
|
||
|
27A4B40D000
|
unkown
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
7FFF2E0B2000
|
unkown
|
page readonly
|
||
|
E406FE000
|
stack
|
page read and write
|
||
|
7FFF2E0B2000
|
unkown
|
page readonly
|
||
|
7FFF2E060000
|
unkown
|
page readonly
|
||
|
21E33F25000
|
heap
|
page read and write
|
||
|
209DFB80000
|
heap
|
page read and write
|
||
|
657EE7E000
|
stack
|
page read and write
|
||
|
1D59E74A000
|
heap
|
page read and write
|
||
|
1D59DF08000
|
heap
|
page read and write
|
||
|
7FB007E000
|
stack
|
page read and write
|
||
|
2F10000
|
remote allocation
|
page read and write
|
||
|
27A4B700000
|
heap
|
page read and write
|
||
|
7FFF2E060000
|
unkown
|
page readonly
|
||
|
8C73CFF000
|
stack
|
page read and write
|
||
|
20683B02000
|
heap
|
page read and write
|
||
|
237F783C000
|
heap
|
page read and write
|
||
|
1EA6F400000
|
heap
|
page read and write
|
||
|
20688FF0000
|
trusted library allocation
|
page read and write
|
||
|
130A000
|
heap
|
page read and write
|
||
|
206893C0000
|
trusted library allocation
|
page read and write
|
||
|
2294D23C000
|
heap
|
page read and write
|
||
|
1EA6F200000
|
heap
|
page read and write
|
||
|
20688FF0000
|
trusted library allocation
|
page read and write
|
||
|
1D59DE55000
|
heap
|
page read and write
|
||
|
206890F8000
|
heap
|
page read and write
|
||
|
347B000
|
stack
|
page read and write
|
||
|
1546D7E000
|
stack
|
page read and write
|
||
|
AE2CDF9000
|
stack
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
20688FE0000
|
trusted library allocation
|
page read and write
|
||
|
20516440000
|
heap
|
page read and write
|
||
|
94B8F79000
|
stack
|
page read and write
|
||
|
7FFF2E060000
|
unkown
|
page readonly
|
||
|
1D59DE89000
|
heap
|
page read and write
|
||
|
2F10000
|
remote allocation
|
page read and write
|
||
|
1D59DE56000
|
heap
|
page read and write
|
||
|
1EA6FC02000
|
trusted library allocation
|
page read and write
|
||
|
954DE7F000
|
stack
|
page read and write
|
||
|
130A000
|
heap
|
page read and write
|
||
|
2DD0000
|
trusted library allocation
|
page read and write
|
||
|
1D59DEA1000
|
heap
|
page read and write
|
||
|
237F7800000
|
heap
|
page read and write
|
||
|
59B06F7000
|
stack
|
page read and write
|
||
|
20689102000
|
heap
|
page read and write
|
||
|
20684B40000
|
trusted library allocation
|
page read and write
|
||
|
20689320000
|
trusted library allocation
|
page read and write
|
||
|
23D4000
|
heap
|
page read and write
|
||
|
237F7630000
|
heap
|
page read and write
|
||
|
136A000
|
heap
|
page read and write
|
||
|
2294D27B000
|
heap
|
page read and write
|
||
|
206890FA000
|
heap
|
page read and write
|
||
|
20683A9E000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
1D59DF13000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
657F0FA000
|
stack
|
page read and write
|
||
|
206890DA000
|
heap
|
page read and write
|
||
|
20516513000
|
heap
|
page read and write
|
||
|
206838E0000
|
heap
|
page read and write
|
||
|
237F8002000
|
trusted library allocation
|
page read and write
|
||
|
12E4000
|
heap
|
page read and write
|
||
|
1D59DE13000
|
heap
|
page read and write
|
||
|
1D59E77D000
|
heap
|
page read and write
|
||
|
8C736FF000
|
stack
|
page read and write
|
||
|
2294D313000
|
heap
|
page read and write
|
||
|
21C3F577000
|
heap
|
page read and write
|
||
|
1B484880000
|
heap
|
page readonly
|
||
|
657EDFE000
|
stack
|
page read and write
|
||
|
7FFF2E060000
|
unkown
|
page readonly
|
||
|
236E000
|
stack
|
page read and write
|
||
|
59B00FC000
|
stack
|
page read and write
|
||
|
20689100000
|
heap
|
page read and write
|
||
|
2068901F000
|
heap
|
page read and write
|
||
|
E401D5000
|
stack
|
page read and write
|
||
|
2294D1F0000
|
heap
|
page read and write
|
||
|
7FAFF7F000
|
stack
|
page read and write
|
||
|
20683B13000
|
heap
|
page read and write
|
||
|
237F7690000
|
heap
|
page read and write
|
||
|
20516402000
|
heap
|
page read and write
|
||
|
7FFF2E0B2000
|
unkown
|
page readonly
|
||
|
12E1000
|
heap
|
page read and write
|
||
|
2294DC02000
|
trusted library allocation
|
page read and write
|
||
|
954DE7F000
|
stack
|
page read and write
|
||
|
27A4B439000
|
heap
|
page read and write
|
||
|
7FFF2E0B6000
|
unkown
|
page read and write
|
||
|
7FFF2E0B2000
|
unkown
|
page readonly
|
||
|
1B483200000
|
direct allocation
|
page execute and read and write
|
||
|
E4047E000
|
stack
|
page read and write
|
||
|
194531C0000
|
heap
|
page read and write
|
||
|
19453130000
|
heap
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
22E4FFC0000
|
heap
|
page read and write
|
||
|
21C3F567000
|
heap
|
page read and write
|
||
|
206843D1000
|
trusted library allocation
|
page read and write
|
||
|
209DFBB0000
|
heap
|
page read and write
|
||
|
21E348E0000
|
trusted library allocation
|
page read and write
|
||
|
136A000
|
heap
|
page read and write
|
||
|
20684500000
|
heap
|
page read and write
|
||
|
1EA6F44B000
|
heap
|
page read and write
|
||
|
21C3F55B000
|
heap
|
page read and write
|
||
|
20683990000
|
trusted library section
|
page read and write
|
||
|
954DEFF000
|
stack
|
page read and write
|
||
|
27A4B523000
|
heap
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
7FFF2E060000
|
unkown
|
page readonly
|
||
|
94B8FF9000
|
stack
|
page read and write
|
||
|
1B484980000
|
heap
|
page read and write
|
||
|
209DFB30000
|
heap
|
page read and write
|
||
|
954DBA6000
|
stack
|
page read and write
|
||
|
7FFF2E0B9000
|
unkown
|
page readonly
|
||
|
237F7847000
|
heap
|
page read and write
|
||
|
2294D300000
|
heap
|
page read and write
|
||
|
22E502A0000
|
remote allocation
|
page read and write
|
||
|
357F000
|
stack
|
page read and write
|
||
|
133B000
|
heap
|
page read and write
|
||
|
21C3F579000
|
heap
|
page read and write
|
||
|
1332000
|
heap
|
page read and write
|
||
|
21C3F575000
|
heap
|
page read and write
|
||
|
1B484984000
|
heap
|
page read and write
|
||
|
1D59E702000
|
heap
|
page read and write
|
||
|
206890FC000
|
heap
|
page read and write
|
||
|
94B90F9000
|
stack
|
page read and write
|
||
|
FF5000
|
stack
|
page read and write
|
||
|
657EBFE000
|
stack
|
page read and write
|
||
|
1EA6F44F000
|
heap
|
page read and write
|
||
|
CFF4AF9000
|
stack
|
page read and write
|
||
|
2F34000
|
heap
|
page read and write
|
||
|
657EFFE000
|
stack
|
page read and write
|
||
|
1EA6F500000
|
heap
|
page read and write
|
||
|
20683A29000
|
heap
|
page read and write
|
||
|
1220000
|
remote allocation
|
page read and write
|
||
|
22E4FFC0000
|
heap
|
page read and write
|
||
|
133B000
|
heap
|
page read and write
|
||
|
5D910FD000
|
stack
|
page read and write
|
||
|
1D59DE51000
|
heap
|
page read and write
|
||
|
657E87A000
|
stack
|
page read and write
|
||
|
21E34BA0000
|
heap
|
page readonly
|
||
|
22E5000B000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
20516428000
|
heap
|
page read and write
|
||
|
22E502B0000
|
heap
|
page read and write
|
||
|
20689102000
|
heap
|
page read and write
|
||
|
657EC7E000
|
stack
|
page read and write
|
||
|
33FF000
|
stack
|
page read and write
|
||
|
22E51C54000
|
heap
|
page read and write
|
||
|
7FAFE7B000
|
stack
|
page read and write
|
||
|
237F785E000
|
heap
|
page read and write
|
||
|
1D59E71D000
|
heap
|
page read and write
|
||
|
237F787C000
|
heap
|
page read and write
|
||
|
1B482E30000
|
heap
|
page read and write
|
||
|
E4057E000
|
stack
|
page read and write
|
||
|
21C3F830000
|
heap
|
page read and write
|
||
|
21E348D0000
|
trusted library allocation
|
page read and write
|
||
|
27A4B713000
|
heap
|
page read and write
|
||
|
954DBA6000
|
stack
|
page read and write
|
||
|
9CE9CFC000
|
stack
|
page read and write
|
||
|
237F785E000
|
heap
|
page read and write
|
||
|
22E502B0000
|
heap
|
page read and write
|
||
|
209E1540000
|
direct allocation
|
page execute and read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
209DFB50000
|
heap
|
page read and write
|
||
|
7FFF2E060000
|
unkown
|
page readonly
|
||
|
22E50000000
|
heap
|
page read and write
|
||
|
1D59EB50000
|
remote allocation
|
page read and write
|
||
|
1B484830000
|
heap
|
page read and write
|
||
|
21C3F835000
|
heap
|
page read and write
|
||
|
22E501E0000
|
heap
|
page read and write
|
||
|
2294D26E000
|
heap
|
page read and write
|
||
|
21E33F30000
|
trusted library allocation
|
page read and write
|
||
|
20689334000
|
trusted library allocation
|
page read and write
|
||
|
2068905E000
|
heap
|
page read and write
|
||
|
657EB7B000
|
stack
|
page read and write
|
||
|
7FFF2E0B9000
|
unkown
|
page readonly
|
||
|
1546946000
|
stack
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
62D8AFE000
|
stack
|
page read and write
|
||
|
20684513000
|
heap
|
page read and write
|
||
|
CFF45AF000
|
stack
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
1B483215000
|
heap
|
page read and write
|
||
|
1D59DEED000
|
heap
|
page read and write
|
||
|
206890F2000
|
heap
|
page read and write
|
||
|
206838F0000
|
heap
|
page read and write
|
||
|
1D59E75E000
|
heap
|
page read and write
|
||
|
205162B0000
|
heap
|
page read and write
|
||
|
1B482E50000
|
heap
|
page read and write
|
||
|
20683950000
|
heap
|
page read and write
|
||
|
20516400000
|
heap
|
page read and write
|
||
|
1D59DF16000
|
heap
|
page read and write
|
||
|
7FFF2E0B6000
|
unkown
|
page read and write
|
||
|
1B482E98000
|
heap
|
page read and write
|
||
|
20684AF0000
|
trusted library section
|
page readonly
|
||
|
1EA6F370000
|
trusted library allocation
|
page read and write
|
||
|
20689450000
|
remote allocation
|
page read and write
|
||
|
1610000
|
heap
|
page read and write
|
||
|
1D59DE54000
|
heap
|
page read and write
|
||
|
AE2CAFE000
|
stack
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
F40000
|
heap
|
page read and write
|
||
|
209E1720000
|
heap
|
page read and write
|
||
|
21E34B90000
|
trusted library allocation
|
page read and write
|
||
|
20683A64000
|
heap
|
page read and write
|
||
|
20683B17000
|
heap
|
page read and write
|
||
|
2294D200000
|
heap
|
page read and write
|
||
|
20684B00000
|
trusted library section
|
page readonly
|
||
|
1337000
|
heap
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
21C3F3E0000
|
heap
|
page read and write
|
||
|
23D0000
|
heap
|
page read and write
|
||
|
2294D253000
|
heap
|
page read and write
|
||
|
22E502D0000
|
heap
|
page read and write
|
||
|
1546C7F000
|
stack
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
20684415000
|
heap
|
page read and write
|
||
|
1D59E76F000
|
heap
|
page read and write
|
||
|
22E50000000
|
heap
|
page read and write
|
||
|
CFF452A000
|
stack
|
page read and write
|
||
|
22EF000
|
stack
|
page read and write
|
||
|
20683A3F000
|
heap
|
page read and write
|
||
|
2068908A000
|
heap
|
page read and write
|
||
|
237F7813000
|
heap
|
page read and write
|
||
|
9CE996E000
|
stack
|
page read and write
|
||
|
20516463000
|
heap
|
page read and write
|
||
|
20684558000
|
heap
|
page read and write
|
||
|
20689330000
|
trusted library allocation
|
page read and write
|
||
|
1B482DC0000
|
heap
|
page read and write
|
||
|
18002F000
|
direct allocation
|
page readonly
|
||
|
20689308000
|
trusted library allocation
|
page read and write
|
||
|
2294D308000
|
heap
|
page read and write
|
||
|
1D59DC40000
|
heap
|
page read and write
|
||
|
21E34950000
|
trusted library allocation
|
page read and write
|
||
|
62D877B000
|
stack
|
page read and write
|
||
|
1D59E728000
|
heap
|
page read and write
|
||
|
21E33C8F000
|
heap
|
page read and write
|
||
|
22E502D5000
|
heap
|
page read and write
|
||
|
21C3F530000
|
heap
|
page read and write
|
||
|
1EA6F270000
|
heap
|
page read and write
|
||
|
7FAF91B000
|
stack
|
page read and write
|
||
|
62D88FE000
|
stack
|
page read and write
|
||
|
2294D266000
|
heap
|
page read and write
|
||
|
27A4B280000
|
trusted library allocation
|
page read and write
|
||
|
21E34BB0000
|
trusted library allocation
|
page read and write
|
||
|
21E33C8F000
|
heap
|
page read and write
|
||
|
1615000
|
heap
|
page read and write
|
||
|
137E000
|
heap
|
page read and write
|
||
|
20689450000
|
trusted library allocation
|
page read and write
|
||
|
1D59E790000
|
heap
|
page read and write
|
||
|
657F3FF000
|
stack
|
page read and write
|
||
|
21C3F57D000
|
heap
|
page read and write
|
||
|
1EA6F508000
|
heap
|
page read and write
|
||
|
20689450000
|
remote allocation
|
page read and write
|
||
|
206839F0000
|
trusted library allocation
|
page read and write
|
||
|
21C3F581000
|
heap
|
page read and write
|
||
|
8C73DFF000
|
stack
|
page read and write
|
||
|
20684402000
|
heap
|
page read and write
|
||
|
22E50200000
|
direct allocation
|
page execute and read and write
|
||
|
1546CFE000
|
stack
|
page read and write
|
||
|
206890EC000
|
heap
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
890000
|
direct allocation
|
page execute and read and write
|
||
|
20684B20000
|
trusted library section
|
page readonly
|
||
|
18002E000
|
direct allocation
|
page read and write
|
||
|
2068902C000
|
heap
|
page read and write
|
||
|
7FFF2E0B9000
|
unkown
|
page readonly
|
||
|
34FF000
|
stack
|
page read and write
|
||
|
59B017E000
|
stack
|
page read and write
|
||
|
20516458000
|
heap
|
page read and write
|
||
|
1EA6F210000
|
heap
|
page read and write
|
||
|
22E50240000
|
heap
|
page readonly
|
||
|
2E4E000
|
stack
|
page read and write
|
||
|
1B482EBE000
|
heap
|
page read and write
|
||
|
908000
|
heap
|
page read and write
|
||
|
21E33C8F000
|
heap
|
page read and write
|
||
|
194531D5000
|
heap
|
page read and write
|
||
|
209DFBB8000
|
heap
|
page read and write
|
||
|
22E4FFA0000
|
heap
|
page read and write
|
||
|
20684502000
|
heap
|
page read and write
|
||
|
237F782A000
|
heap
|
page read and write
|
||
|
20684F60000
|
trusted library allocation
|
page read and write
|
||
|
27A4B702000
|
heap
|
page read and write
|
||
|
27A4B2E0000
|
heap
|
page read and write
|
||
|
7FFF2E0B9000
|
unkown
|
page readonly
|
||
|
59B08FF000
|
stack
|
page read and write
|
||
|
21C3F562000
|
heap
|
page read and write
|
||
|
1D59DE83000
|
heap
|
page read and write
|
||
|
21C3F510000
|
heap
|
page read and write
|
||
|
2294D229000
|
heap
|
page read and write
|
||
|
27A4B418000
|
unkown
|
page read and write
|
||
|
20689420000
|
trusted library allocation
|
page read and write
|
||
|
18002D000
|
direct allocation
|
page readonly
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
133B000
|
heap
|
page read and write
|
||
|
20689320000
|
trusted library allocation
|
page read and write
|
||
|
2068900F000
|
heap
|
page read and write
|
||
|
21E33C40000
|
heap
|
page read and write
|
||
|
22E51C50000
|
heap
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
205162C0000
|
heap
|
page read and write
|
||
|
21C3F591000
|
heap
|
page read and write
|
||
|
209DFAC0000
|
heap
|
page read and write
|
||
|
21C3F567000
|
heap
|
page read and write
|
||
|
954DEFF000
|
stack
|
page read and write
|
||
|
1D59DE49000
|
heap
|
page read and write
|
||
|
27A4B515000
|
trusted library allocation
|
page read and write
|
||
|
209DFC00000
|
heap
|
page read and write
|
||
|
1EA6F450000
|
heap
|
page read and write
|
||
|
22E51C54000
|
heap
|
page read and write
|
||
|
954DBA6000
|
stack
|
page read and write
|
||
|
21E33C48000
|
heap
|
page read and write
|
||
|
20688FD0000
|
trusted library allocation
|
page read and write
|
||
|
22E51C50000
|
heap
|
page read and write
|
||
|
9CEA17C000
|
stack
|
page read and write
|
||
|
22E4FFA0000
|
heap
|
page read and write
|
||
|
CFF48FF000
|
stack
|
page read and write
|
||
|
20683980000
|
trusted library allocation
|
page read and write
|
There are 596 hidden memdumps, click here to show them.