Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
5iiXyNVCQ3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files\WinRAP\RarExt32.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_9cdbf19a94ecdea39c14ee8fd4f9ea7f9e7533d_fe4ae974_14fd8b6a\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_69aa54bf4562ff7e548e4d05abc368941456d4_82810a17_050990c9\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER806D.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Nov 3 11:35:16 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER832D.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER83CA.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER885C.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Nov 3 11:35:18 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8B4B.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8C46.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\5iiXyNVCQ3.dll"
|
|
|
|
C:\Windows\SysWOW64\svchost.exe
|
C:\WINDOWS\system32\svchost.exe -K NetworkService
|
|
|
|
C:\Windows\SysWOW64\svchost.exe
|
C:\WINDOWS\system32\svchost.exe -K NetworkService
|
|
|
|
C:\Windows\SysWOW64\svchost.exe
|
C:\WINDOWS\system32\svchost.exe -K NetworkService
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\5iiXyNVCQ3.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\5iiXyNVCQ3.dll,unll
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\5iiXyNVCQ3.dll",#1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 616
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 844
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
52eva.top
|
208.100.26.242
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.100.26.242
|
52eva.top
|
United States
|
|
|
|
192.168.2.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHivePermissionsCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHiveOwnerCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
00184006417502B9
|
||
|
\REGISTRY\A\{82319504-c857-892a-1691-677d3695f0d2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProgramId
|
||
|
\REGISTRY\A\{82319504-c857-892a-1691-677d3695f0d2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
FileId
|
||
|
\REGISTRY\A\{82319504-c857-892a-1691-677d3695f0d2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{82319504-c857-892a-1691-677d3695f0d2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LongPathHash
|
||
|
\REGISTRY\A\{82319504-c857-892a-1691-677d3695f0d2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Name
|
||
|
\REGISTRY\A\{82319504-c857-892a-1691-677d3695f0d2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Publisher
|
||
|
\REGISTRY\A\{82319504-c857-892a-1691-677d3695f0d2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Version
|
||
|
\REGISTRY\A\{82319504-c857-892a-1691-677d3695f0d2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinFileVersion
|
||
|
\REGISTRY\A\{82319504-c857-892a-1691-677d3695f0d2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinaryType
|
||
|
\REGISTRY\A\{82319504-c857-892a-1691-677d3695f0d2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductName
|
||
|
\REGISTRY\A\{82319504-c857-892a-1691-677d3695f0d2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductVersion
|
||
|
\REGISTRY\A\{82319504-c857-892a-1691-677d3695f0d2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LinkDate
|
||
|
\REGISTRY\A\{82319504-c857-892a-1691-677d3695f0d2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinProductVersion
|
||
|
\REGISTRY\A\{82319504-c857-892a-1691-677d3695f0d2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Size
|
||
|
\REGISTRY\A\{82319504-c857-892a-1691-677d3695f0d2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Language
|
||
|
\REGISTRY\A\{82319504-c857-892a-1691-677d3695f0d2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsPeFile
|
||
|
\REGISTRY\A\{82319504-c857-892a-1691-677d3695f0d2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsOsComponent
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 16 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
F7B000
|
heap
|
page read and write
|
||
|
6EC000
|
heap
|
page read and write
|
||
|
676000
|
heap
|
page read and write
|
||
|
5001000
|
trusted library allocation
|
page read and write
|
||
|
510000
|
direct allocation
|
page read and write
|
||
|
4F4000
|
remote allocation
|
page execute and read and write
|
||
|
48C0000
|
trusted library allocation
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
22691740000
|
trusted library allocation
|
page read and write
|
||
|
103D000
|
stack
|
page read and write
|
||
|
F75000
|
heap
|
page read and write
|
||
|
60B000
|
stack
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
E5A000
|
trusted library allocation
|
page read and write
|
||
|
2880000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FE0000
|
trusted library allocation
|
page read and write
|
||
|
A90000
|
remote allocation
|
page read and write
|
||
|
4D12000
|
trusted library allocation
|
page read and write
|
||
|
4FBE000
|
stack
|
page read and write
|
||
|
101E000
|
stack
|
page read and write
|
||
|
1001F000
|
trusted library allocation
|
page execute and read and write
|
||
|
105F000
|
stack
|
page read and write
|
||
|
47D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
492000
|
remote allocation
|
page readonly
|
||
|
6D0000
|
unkown
|
page read and write
|
||
|
E6B000
|
trusted library allocation
|
page read and write
|
||
|
A90000
|
remote allocation
|
page read and write
|
||
|
16348402000
|
unkown
|
page read and write
|
||
|
AE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2800000
|
trusted library allocation
|
page execute and read and write
|
||
|
1634840D000
|
unkown
|
page read and write
|
||
|
4C9000
|
remote allocation
|
page execute and read and write
|
||
|
4C80000
|
remote allocation
|
page read and write
|
||
|
10080000
|
trusted library allocation
|
page execute and read and write
|
||
|
22692370000
|
trusted library allocation
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
22691770000
|
trusted library allocation
|
page read and write
|
||
|
98B000
|
stack
|
page read and write
|
||
|
6F8000
|
heap
|
page read and write
|
||
|
16348613000
|
heap
|
page read and write
|
||
|
70B000
|
heap
|
page read and write
|
||
|
1280000
|
direct allocation
|
page execute and read and write
|
||
|
50A000
|
remote allocation
|
page read and write
|
||
|
4750000
|
trusted library allocation
|
page execute and read and write
|
||
|
A90000
|
remote allocation
|
page read and write
|
||
|
4D9E1FE000
|
stack
|
page read and write
|
||
|
6EC000
|
heap
|
page read and write
|
||
|
567E000
|
stack
|
page read and write
|
||
|
22691730000
|
trusted library allocation
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
4D0C000
|
trusted library allocation
|
page read and write
|
||
|
2811000
|
trusted library allocation
|
page execute and read and write
|
||
|
16348465000
|
heap
|
page read and write
|
||
|
177000
|
heap
|
page read and write
|
||
|
4C01000
|
trusted library allocation
|
page read and write
|
||
|
2880000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A0000
|
trusted library allocation
|
page read and write
|
||
|
117F000
|
stack
|
page read and write
|
||
|
4D10000
|
trusted library allocation
|
page read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
109E000
|
stack
|
page read and write
|
||
|
7150000
|
trusted library allocation
|
page read and write
|
||
|
4280000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
117F000
|
stack
|
page read and write
|
||
|
1001F000
|
trusted library allocation
|
page execute and read and write
|
||
|
61A4000
|
trusted library allocation
|
page read and write
|
||
|
1001F000
|
trusted library allocation
|
page execute and read and write
|
||
|
22691760000
|
heap
|
page read and write
|
||
|
22691769000
|
heap
|
page read and write
|
||
|
D07000
|
heap
|
page read and write
|
||
|
48B0000
|
trusted library allocation
|
page read and write
|
||
|
16348428000
|
heap
|
page read and write
|
||
|
4D9E0F9000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page read and write
|
||
|
E5C000
|
trusted library allocation
|
page read and write
|
||
|
70B000
|
heap
|
page read and write
|
||
|
109E000
|
stack
|
page read and write
|
||
|
4761000
|
trusted library allocation
|
page execute and read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
4E3000
|
remote allocation
|
page execute and read and write
|
||
|
10080000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E00000
|
trusted library allocation
|
page read and write
|
||
|
70B000
|
heap
|
page read and write
|
||
|
B60000
|
trusted library allocation
|
page execute and read and write
|
||
|
61A0000
|
heap
|
page read and write
|
||
|
486A000
|
stack
|
page read and write
|
||
|
59C4F9000
|
stack
|
page read and write
|
||
|
16348438000
|
heap
|
page read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
10000000
|
trusted library allocation
|
page execute and read and write
|
||
|
16348500000
|
trusted library allocation
|
page read and write
|
||
|
F89000
|
heap
|
page read and write
|
||
|
226914B0000
|
heap
|
page read and write
|
||
|
22691420000
|
heap
|
page read and write
|
||
|
94A000
|
stack
|
page read and write
|
||
|
1001F000
|
trusted library allocation
|
page execute and read and write
|
||
|
10011000
|
trusted library allocation
|
page execute and read and write
|
||
|
10000000
|
trusted library allocation
|
page execute and read and write
|
||
|
4750000
|
trusted library allocation
|
page execute and read and write
|
||
|
226914A8000
|
heap
|
page read and write
|
||
|
61B0000
|
trusted library allocation
|
page read and write
|
||
|
F01000
|
trusted library allocation
|
page read and write
|
||
|
5E0000
|
remote allocation
|
page read and write
|
||
|
8E0000
|
unkown
|
page read and write
|
||
|
C13000
|
heap
|
page read and write
|
||
|
AF1000
|
trusted library allocation
|
page execute and read and write
|
||
|
D25000
|
heap
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
40000
|
heap
|
page read and write
|
||
|
22691506000
|
heap
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
E7F000
|
stack
|
page read and write
|
||
|
6EC000
|
heap
|
page read and write
|
||
|
226914A0000
|
heap
|
page read and write
|
||
|
1290000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
10080000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DE000
|
stack
|
page read and write
|
||
|
6F8000
|
heap
|
page read and write
|
||
|
6F8000
|
heap
|
page read and write
|
||
|
48AD000
|
stack
|
page read and write
|
||
|
4761000
|
trusted library allocation
|
page execute and read and write
|
||
|
16348523000
|
heap
|
page read and write
|
||
|
4A9000
|
remote allocation
|
page execute and read and write
|
||
|
281F000
|
trusted library allocation
|
page execute and read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
F7B000
|
heap
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
16348702000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
22691765000
|
heap
|
page read and write
|
||
|
6EC000
|
heap
|
page read and write
|
||
|
48AD000
|
stack
|
page read and write
|
||
|
59C10D000
|
stack
|
page read and write
|
||
|
16348270000
|
heap
|
page read and write
|
||
|
22692360000
|
heap
|
page readonly
|
||
|
105F000
|
stack
|
page read and write
|
||
|
105F000
|
stack
|
page read and write
|
||
|
11D0000
|
remote allocation
|
page read and write
|
||
|
4BC000
|
remote allocation
|
page execute and read and write
|
||
|
577F000
|
stack
|
page read and write
|
||
|
113E000
|
stack
|
page read and write
|
||
|
226923D0000
|
trusted library allocation
|
page read and write
|
||
|
10000000
|
trusted library allocation
|
page execute and read and write
|
||
|
226914F0000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
C36000
|
heap
|
page read and write
|
||
|
61A4000
|
heap
|
page read and write
|
||
|
E00000
|
trusted library allocation
|
page read and write
|
||
|
1290000
|
direct allocation
|
page read and write
|
||
|
8E0000
|
unkown
|
page read and write
|
||
|
563F000
|
stack
|
page read and write
|
||
|
10080000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F8000
|
heap
|
page read and write
|
||
|
6D0000
|
unkown
|
page read and write
|
||
|
10000000
|
trusted library allocation
|
page execute and read and write
|
||
|
E7F000
|
stack
|
page read and write
|
||
|
55E000
|
stack
|
page read and write
|
||
|
CF0000
|
trusted library allocation
|
page read and write
|
||
|
4FB000
|
remote allocation
|
page execute and read and write
|
||
|
C2D000
|
heap
|
page read and write
|
||
|
2811000
|
trusted library allocation
|
page execute and read and write
|
||
|
10000000
|
trusted library allocation
|
page execute and read and write
|
||
|
67F000
|
heap
|
page read and write
|
||
|
16348280000
|
trusted library allocation
|
page read and write
|
||
|
101E000
|
stack
|
page read and write
|
||
|
7A0000
|
trusted library allocation
|
page read and write
|
||
|
C02000
|
heap
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
16348468000
|
unkown
|
page read and write
|
||
|
486A000
|
stack
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
11BB000
|
stack
|
page read and write
|
||
|
98B000
|
stack
|
page read and write
|
||
|
5E0000
|
remote allocation
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
10080000
|
trusted library allocation
|
page execute and read and write
|
||
|
400000
|
remote allocation
|
page read and write
|
||
|
1001F000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
6E4000
|
heap
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
226914F0000
|
heap
|
page read and write
|
||
|
11BB000
|
stack
|
page read and write
|
||
|
10011000
|
trusted library allocation
|
page execute and read and write
|
||
|
29DD000
|
stack
|
page read and write
|
||
|
10DF000
|
stack
|
page read and write
|
||
|
C2D000
|
heap
|
page read and write
|
||
|
4D01000
|
trusted library allocation
|
page read and write
|
||
|
2811000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F0000
|
remote allocation
|
page read and write
|
||
|
D07000
|
heap
|
page read and write
|
||
|
B50000
|
direct allocation
|
page read and write
|
||
|
486A000
|
stack
|
page read and write
|
||
|
73D000
|
stack
|
page read and write
|
||
|
4FC0000
|
heap
|
page read and write
|
||
|
47D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
281F000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E1000
|
remote allocation
|
page execute and read and write
|
||
|
D0A000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
9F0000
|
trusted library allocation
|
page read and write
|
||
|
3F0000
|
remote allocation
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
33FE000
|
stack
|
page read and write
|
||
|
73D000
|
stack
|
page read and write
|
||
|
48C0000
|
trusted library allocation
|
page read and write
|
||
|
E7F000
|
stack
|
page read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
48AD000
|
stack
|
page read and write
|
||
|
D07000
|
heap
|
page read and write
|
||
|
B9B000
|
heap
|
page read and write
|
||
|
50A000
|
remote allocation
|
page execute and read and write
|
||
|
29DD000
|
stack
|
page read and write
|
||
|
C2D000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
4D9E17A000
|
stack
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
16348602000
|
heap
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
50F000
|
stack
|
page read and write
|
||
|
EC0000
|
direct allocation
|
page execute and read and write
|
||
|
59C879000
|
stack
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
1F0000
|
direct allocation
|
page execute and read and write
|
||
|
CA5000
|
heap
|
page read and write
|
||
|
22691490000
|
trusted library allocation
|
page read and write
|
||
|
2800000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E0000
|
remote allocation
|
page read and write
|
||
|
6E8000
|
heap
|
page read and write
|
||
|
A7C000
|
stack
|
page read and write
|
||
|
D20000
|
trusted library allocation
|
page read and write
|
||
|
16348515000
|
trusted library allocation
|
page read and write
|
||
|
AFB000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page read and write
|
||
|
6F5000
|
heap
|
page read and write
|
||
|
F07000
|
trusted library allocation
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
7EE000
|
stack
|
page read and write
|
||
|
50A000
|
remote allocation
|
page execute and read and write
|
||
|
4DF000
|
remote allocation
|
page execute and read and write
|
||
|
29DD000
|
stack
|
page read and write
|
||
|
47D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
59C97C000
|
stack
|
page read and write
|
||
|
16348502000
|
trusted library allocation
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
4F7E000
|
stack
|
page read and write
|
||
|
4F9000
|
remote allocation
|
page execute and read and write
|
||
|
16348717000
|
heap
|
page read and write
|
||
|
E55000
|
trusted library allocation
|
page read and write
|
||
|
F87000
|
heap
|
page read and write
|
||
|
EEA000
|
heap
|
page read and write
|
||
|
A90000
|
remote allocation
|
page read and write
|
||
|
16348400000
|
unkown
|
page read and write
|
||
|
226912D0000
|
trusted library allocation
|
page read and write
|
||
|
4280000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
remote allocation
|
page execute read
|
||
|
F7B000
|
heap
|
page read and write
|
||
|
50A000
|
remote allocation
|
page execute and read and write
|
||
|
16348713000
|
heap
|
page read and write
|
||
|
E42000
|
trusted library allocation
|
page read and write
|
||
|
61A0000
|
trusted library allocation
|
page read and write
|
||
|
10011000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F0000
|
remote allocation
|
page read and write
|
||
|
C29000
|
heap
|
page read and write
|
||
|
281F000
|
trusted library allocation
|
page execute and read and write
|
||
|
2800000
|
trusted library allocation
|
page execute and read and write
|
||
|
D0A000
|
heap
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
109E000
|
stack
|
page read and write
|
||
|
6FA000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page read and write
|
||
|
117F000
|
stack
|
page read and write
|
||
|
D25000
|
heap
|
page read and write
|
||
|
16348713000
|
heap
|
page read and write
|
||
|
101E000
|
stack
|
page read and write
|
||
|
6F8000
|
heap
|
page read and write
|
||
|
585000
|
heap
|
page read and write
|
||
|
5CF000
|
stack
|
page read and write
|
||
|
EB000
|
stack
|
page read and write
|
||
|
98B000
|
stack
|
page read and write
|
||
|
EEA000
|
heap
|
page read and write
|
||
|
9F0000
|
trusted library allocation
|
page read and write
|
||
|
F13000
|
trusted library allocation
|
page read and write
|
||
|
4761000
|
trusted library allocation
|
page execute and read and write
|
||
|
226914E8000
|
heap
|
page read and write
|
||
|
16348702000
|
heap
|
page read and write
|
||
|
F87000
|
heap
|
page read and write
|
||
|
163482E0000
|
heap
|
page read and write
|
||
|
A90000
|
remote allocation
|
page read and write
|
||
|
61B0000
|
trusted library allocation
|
page read and write
|
||
|
10011000
|
trusted library allocation
|
page execute and read and write
|
||
|
D25000
|
heap
|
page read and write
|
||
|
7A0000
|
trusted library allocation
|
page read and write
|
||
|
22692380000
|
trusted library allocation
|
page read and write
|
||
|
4C80000
|
remote allocation
|
page read and write
|
||
|
10DF000
|
stack
|
page read and write
|
||
|
4F9000
|
remote allocation
|
page read and write
|
||
|
D0A000
|
heap
|
page read and write
|
||
|
4FB000
|
remote allocation
|
page execute and read and write
|
||
|
D14000
|
heap
|
page read and write
|
||
|
476F000
|
trusted library allocation
|
page execute and read and write
|
||
|
67A000
|
heap
|
page read and write
|
||
|
E12000
|
trusted library allocation
|
page read and write
|
||
|
B9B000
|
heap
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
6F8000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
6E5000
|
heap
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
476F000
|
trusted library allocation
|
page execute and read and write
|
||
|
22692350000
|
trusted library allocation
|
page read and write
|
||
|
B60000
|
trusted library allocation
|
page execute and read and write
|
||
|
476F000
|
trusted library allocation
|
page execute and read and write
|
||
|
4280000
|
trusted library allocation
|
page read and write
|
||
|
F87000
|
heap
|
page read and write
|
||
|
C13000
|
heap
|
page read and write
|
||
|
5AE0000
|
trusted library allocation
|
page read and write
|
||
|
127E000
|
stack
|
page read and write
|
||
|
48B0000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
11D0000
|
remote allocation
|
page read and write
|
||
|
2811000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FB000
|
remote allocation
|
page read and write
|
||
|
4FB000
|
remote allocation
|
page execute and read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
4D9E279000
|
stack
|
page read and write
|
||
|
EEA000
|
heap
|
page read and write
|
||
|
48B0000
|
trusted library allocation
|
page read and write
|
||
|
61A0000
|
trusted library allocation
|
page read and write
|
||
|
10000000
|
trusted library allocation
|
page execute and read and write
|
||
|
AFB000
|
stack
|
page read and write
|
||
|
4750000
|
trusted library allocation
|
page execute and read and write
|
||
|
AE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C13000
|
heap
|
page read and write
|
||
|
E51000
|
trusted library allocation
|
page read and write
|
||
|
ED0000
|
direct allocation
|
page read and write
|
||
|
117E000
|
stack
|
page read and write
|
||
|
61B0000
|
trusted library allocation
|
page read and write
|
||
|
AF1000
|
trusted library allocation
|
page execute and read and write
|
||
|
65A000
|
heap
|
page read and write
|
||
|
4F9000
|
remote allocation
|
page execute and read and write
|
||
|
4750000
|
trusted library allocation
|
page execute and read and write
|
||
|
22692120000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page read and write
|
||
|
BC0000
|
trusted library allocation
|
page readonly
|
||
|
4761000
|
trusted library allocation
|
page execute and read and write
|
||
|
E68000
|
trusted library allocation
|
page read and write
|
||
|
94A000
|
stack
|
page read and write
|
||
|
E47000
|
trusted library allocation
|
page read and write
|
||
|
70B000
|
heap
|
page read and write
|
||
|
32FE000
|
stack
|
page read and write
|
||
|
7EE000
|
stack
|
page read and write
|
||
|
22691400000
|
heap
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
226912C0000
|
heap
|
page read and write
|
||
|
1001F000
|
trusted library allocation
|
page execute and read and write
|
||
|
AFF000
|
trusted library allocation
|
page execute and read and write
|
||
|
C13000
|
heap
|
page read and write
|
||
|
94A000
|
stack
|
page read and write
|
||
|
A90000
|
remote allocation
|
page read and write
|
||
|
1001F000
|
trusted library allocation
|
page execute and read and write
|
||
|
2800000
|
trusted library allocation
|
page execute and read and write
|
||
|
2880000
|
trusted library allocation
|
page execute and read and write
|
||
|
10DF000
|
stack
|
page read and write
|
||
|
73D000
|
stack
|
page read and write
|
||
|
281F000
|
trusted library allocation
|
page execute and read and write
|
||
|
10011000
|
trusted library allocation
|
page execute and read and write
|
||
|
10080000
|
trusted library allocation
|
page execute and read and write
|
||
|
48C0000
|
trusted library allocation
|
page read and write
|
||
|
476F000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F9000
|
heap
|
page read and write
|
||
|
CA5000
|
heap
|
page read and write
|
||
|
C90000
|
trusted library allocation
|
page read and write
|
||
|
16348413000
|
unkown
|
page read and write
|
||
|
AFF000
|
trusted library allocation
|
page execute and read and write
|
||
|
4BC0000
|
trusted library allocation
|
page read and write
|
||
|
B9B000
|
heap
|
page read and write
|
||
|
61A4000
|
trusted library allocation
|
page read and write
|
||
|
A39000
|
stack
|
page read and write
|
||
|
4BFE000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page read and write
|
||
|
64C000
|
stack
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
EAB000
|
trusted library allocation
|
page read and write
|
||
|
70B000
|
heap
|
page read and write
|
||
|
226914F0000
|
heap
|
page read and write
|
||
|
1634843B000
|
unkown
|
page read and write
|
||
|
CA5000
|
heap
|
page read and write
|
||
|
67C000
|
heap
|
page read and write
|
||
|
70B000
|
heap
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
E56000
|
trusted library allocation
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
16348700000
|
heap
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
4D10000
|
trusted library allocation
|
page read and write
|
||
|
10080000
|
trusted library allocation
|
page execute and read and write
|
||
|
A90000
|
remote allocation
|
page read and write
|
||
|
AA000
|
stack
|
page read and write
|
||
|
4FD0000
|
trusted library allocation
|
page read and write
|
||
|
10000000
|
trusted library allocation
|
page execute and read and write
|
||
|
B40000
|
direct allocation
|
page execute and read and write
|
||
|
E67000
|
trusted library allocation
|
page read and write
|
||
|
10011000
|
trusted library allocation
|
page execute and read and write
|
||
|
17A000
|
heap
|
page read and write
|
||
|
AFB000
|
stack
|
page read and write
|
||
|
9F0000
|
trusted library allocation
|
page read and write
|
||
|
47D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7EE000
|
stack
|
page read and write
|
||
|
150000
|
trusted library allocation
|
page read and write
|
||
|
6EC000
|
heap
|
page read and write
|
||
|
2880000
|
trusted library allocation
|
page execute and read and write
|
||
|
11BB000
|
stack
|
page read and write
|
||
|
A90000
|
remote allocation
|
page read and write
|
||
|
E44000
|
trusted library allocation
|
page read and write
|
||
|
4D10000
|
trusted library allocation
|
page read and write
|
||
|
10011000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D9DD4C000
|
stack
|
page read and write
|
||
|
E47000
|
trusted library allocation
|
page read and write
|
There are 419 hidden memdumps, click here to show them.