Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
test2.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_7bde5861e98b2ac3cc37e329f3101f62f0fff922_82810a17_14276a6d\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5DBB.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Mar 17 03:54:14 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5F81.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER600E.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_7bde5861e98b2ac3cc37e329f3101f62f0fff922_82810a17_10651bfd\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF153.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Mar 16 19:45:30 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF2AC.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF31A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\test2.dll"
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\test2.dll",#1
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\test2.dll",#1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 712 -s 656
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 636
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHivePermissionsCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHiveOwnerCorrect
|
||
|
\REGISTRY\A\{b46ce9c1-c52d-e776-788f-501ae2b088f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProgramId
|
||
|
\REGISTRY\A\{b46ce9c1-c52d-e776-788f-501ae2b088f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
FileId
|
||
|
\REGISTRY\A\{b46ce9c1-c52d-e776-788f-501ae2b088f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{b46ce9c1-c52d-e776-788f-501ae2b088f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LongPathHash
|
||
|
\REGISTRY\A\{b46ce9c1-c52d-e776-788f-501ae2b088f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Name
|
||
|
\REGISTRY\A\{b46ce9c1-c52d-e776-788f-501ae2b088f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Publisher
|
||
|
\REGISTRY\A\{b46ce9c1-c52d-e776-788f-501ae2b088f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Version
|
||
|
\REGISTRY\A\{b46ce9c1-c52d-e776-788f-501ae2b088f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinFileVersion
|
||
|
\REGISTRY\A\{b46ce9c1-c52d-e776-788f-501ae2b088f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinaryType
|
||
|
\REGISTRY\A\{b46ce9c1-c52d-e776-788f-501ae2b088f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductName
|
||
|
\REGISTRY\A\{b46ce9c1-c52d-e776-788f-501ae2b088f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductVersion
|
||
|
\REGISTRY\A\{b46ce9c1-c52d-e776-788f-501ae2b088f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LinkDate
|
||
|
\REGISTRY\A\{b46ce9c1-c52d-e776-788f-501ae2b088f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinProductVersion
|
||
|
\REGISTRY\A\{b46ce9c1-c52d-e776-788f-501ae2b088f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Size
|
||
|
\REGISTRY\A\{b46ce9c1-c52d-e776-788f-501ae2b088f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Language
|
||
|
\REGISTRY\A\{b46ce9c1-c52d-e776-788f-501ae2b088f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsPeFile
|
||
|
\REGISTRY\A\{b46ce9c1-c52d-e776-788f-501ae2b088f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsOsComponent
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
001840064172BCE4
|
||
|
\REGISTRY\A\{c1686e3e-13cd-bb01-bb25-883f3709b64a}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProgramId
|
||
|
\REGISTRY\A\{c1686e3e-13cd-bb01-bb25-883f3709b64a}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
FileId
|
||
|
\REGISTRY\A\{c1686e3e-13cd-bb01-bb25-883f3709b64a}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{c1686e3e-13cd-bb01-bb25-883f3709b64a}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LongPathHash
|
||
|
\REGISTRY\A\{c1686e3e-13cd-bb01-bb25-883f3709b64a}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Name
|
||
|
\REGISTRY\A\{c1686e3e-13cd-bb01-bb25-883f3709b64a}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Publisher
|
||
|
\REGISTRY\A\{c1686e3e-13cd-bb01-bb25-883f3709b64a}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Version
|
||
|
\REGISTRY\A\{c1686e3e-13cd-bb01-bb25-883f3709b64a}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinFileVersion
|
||
|
\REGISTRY\A\{c1686e3e-13cd-bb01-bb25-883f3709b64a}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinaryType
|
||
|
\REGISTRY\A\{c1686e3e-13cd-bb01-bb25-883f3709b64a}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductName
|
||
|
\REGISTRY\A\{c1686e3e-13cd-bb01-bb25-883f3709b64a}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductVersion
|
||
|
\REGISTRY\A\{c1686e3e-13cd-bb01-bb25-883f3709b64a}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LinkDate
|
||
|
\REGISTRY\A\{c1686e3e-13cd-bb01-bb25-883f3709b64a}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinProductVersion
|
||
|
\REGISTRY\A\{c1686e3e-13cd-bb01-bb25-883f3709b64a}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Size
|
||
|
\REGISTRY\A\{c1686e3e-13cd-bb01-bb25-883f3709b64a}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Language
|
||
|
\REGISTRY\A\{c1686e3e-13cd-bb01-bb25-883f3709b64a}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsPeFile
|
||
|
\REGISTRY\A\{c1686e3e-13cd-bb01-bb25-883f3709b64a}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsOsComponent
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018800A9E8AF603
|
There are 32 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
8719CFE000
|
stack
|
page read and write
|
||
|
11D58AC9000
|
heap
|
page read and write
|
||
|
23F73800000
|
heap
|
page read and write
|
||
|
E52B2C000
|
stack
|
page read and write
|
||
|
1D089C44000
|
heap
|
page read and write
|
||
|
11D59313000
|
heap
|
page read and write
|
||
|
1D089C39000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
20BDD413000
|
heap
|
page read and write
|
||
|
1D0899F0000
|
heap
|
page read and write
|
||
|
11D58ABA000
|
heap
|
page read and write
|
||
|
20BDDBA0000
|
trusted library allocation
|
page read and write
|
||
|
1DCCD673000
|
heap
|
page read and write
|
||
|
1DCCD657000
|
heap
|
page read and write
|
||
|
1D089C46000
|
heap
|
page read and write
|
||
|
157D4AF0000
|
heap
|
page read and write
|
||
|
1DCCD5D0000
|
trusted library allocation
|
page read and write
|
||
|
1D089C4B000
|
heap
|
page read and write
|
||
|
23F72E6D000
|
heap
|
page read and write
|
||
|
2292DC3E000
|
heap
|
page read and write
|
||
|
157D4BC0000
|
remote allocation
|
page read and write
|
||
|
4DC6BFF000
|
stack
|
page read and write
|
||
|
157D4B90000
|
trusted library allocation
|
page read and write
|
||
|
20BDD2A0000
|
heap
|
page read and write
|
||
|
2292DC29000
|
heap
|
page read and write
|
||
|
11D58AE1000
|
heap
|
page read and write
|
||
|
2CA0000
|
heap
|
page read and write
|
||
|
1D089C7E000
|
heap
|
page read and write
|
||
|
20BDD513000
|
heap
|
page read and write
|
||
|
157D4D02000
|
heap
|
page read and write
|
||
|
1D089C55000
|
heap
|
page read and write
|
||
|
23F73792000
|
heap
|
page read and write
|
||
|
11D58ACB000
|
heap
|
page read and write
|
||
|
2292E402000
|
trusted library allocation
|
page read and write
|
||
|
1DCCD702000
|
heap
|
page read and write
|
||
|
23928960000
|
heap
|
page read and write
|
||
|
1DCCD4B0000
|
heap
|
page read and write
|
||
|
2292DC2F000
|
heap
|
page read and write
|
||
|
1DCCD602000
|
heap
|
page read and write
|
||
|
23F72E73000
|
heap
|
page read and write
|
||
|
1D089C4E000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
9D4597F000
|
stack
|
page read and write
|
||
|
174DAFE000
|
stack
|
page read and write
|
||
|
10003000
|
unkown
|
page readonly
|
||
|
4DC6EFC000
|
stack
|
page read and write
|
||
|
1DCCF200000
|
trusted library allocation
|
page read and write
|
||
|
23F72FE5000
|
heap
|
page read and write
|
||
|
157D4BC0000
|
remote allocation
|
page read and write
|
||
|
1D089C41000
|
heap
|
page read and write
|
||
|
1DCCD718000
|
heap
|
page read and write
|
||
|
20BDD479000
|
heap
|
page read and write
|
||
|
C3AD3FB000
|
stack
|
page read and write
|
||
|
23929402000
|
trusted library allocation
|
page read and write
|
||
|
23928A40000
|
heap
|
page read and write
|
||
|
3220000
|
heap
|
page read and write
|
||
|
157D4C13000
|
heap
|
page read and write
|
||
|
1D089C40000
|
heap
|
page read and write
|
||
|
20BDD429000
|
heap
|
page read and write
|
||
|
C43CCFF000
|
stack
|
page read and write
|
||
|
23929270000
|
trusted library allocation
|
page read and write
|
||
|
23F72B90000
|
heap
|
page read and write
|
||
|
157D4C3C000
|
heap
|
page read and write
|
||
|
157D4B00000
|
heap
|
page read and write
|
||
|
4DC6FFD000
|
stack
|
page read and write
|
||
|
1D089C79000
|
heap
|
page read and write
|
||
|
20BDD400000
|
heap
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
1DCCEFE0000
|
remote allocation
|
page read and write
|
||
|
174D97C000
|
stack
|
page read and write
|
||
|
1DCCD62A000
|
heap
|
page read and write
|
||
|
11D59300000
|
heap
|
page read and write
|
||
|
1DCCD613000
|
heap
|
page read and write
|
||
|
23F737B1000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2292DAC0000
|
heap
|
page read and write
|
||
|
91B9DFD000
|
stack
|
page read and write
|
||
|
23F72F13000
|
heap
|
page read and write
|
||
|
174DFFE000
|
stack
|
page read and write
|
||
|
E532FF000
|
stack
|
page read and write
|
||
|
157D4C29000
|
heap
|
page read and write
|
||
|
23F737C9000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
10004000
|
unkown
|
page write copy
|
||
|
4DC6CFE000
|
stack
|
page read and write
|
||
|
2292DC55000
|
heap
|
page read and write
|
||
|
7BD000
|
stack
|
page read and write
|
||
|
23F72E29000
|
heap
|
page read and write
|
||
|
1D089C75000
|
heap
|
page read and write
|
||
|
23F73830000
|
heap
|
page read and write
|
||
|
23F73722000
|
heap
|
page read and write
|
||
|
1D0899E0000
|
heap
|
page read and write
|
||
|
1D089C61000
|
heap
|
page read and write
|
||
|
C43CAFB000
|
stack
|
page read and write
|
||
|
6BD000
|
stack
|
page read and write
|
||
|
23F72E58000
|
heap
|
page read and write
|
||
|
23928A69000
|
heap
|
page read and write
|
||
|
10003000
|
unkown
|
page read and write
|
||
|
1DCCD647000
|
heap
|
page read and write
|
||
|
1DCCD648000
|
heap
|
page read and write
|
||
|
4DC70FE000
|
stack
|
page read and write
|
||
|
23F73813000
|
heap
|
page read and write
|
||
|
23F72E76000
|
heap
|
page read and write
|
||
|
23928B02000
|
heap
|
page read and write
|
||
|
10004000
|
unkown
|
page write copy
|
||
|
11D58950000
|
trusted library allocation
|
page read and write
|
||
|
23928B13000
|
heap
|
page read and write
|
||
|
9D4577E000
|
stack
|
page read and write
|
||
|
1D089C7B000
|
heap
|
page read and write
|
||
|
E5357E000
|
stack
|
page read and write
|
||
|
174DEFD000
|
stack
|
page read and write
|
||
|
10008000
|
unkown
|
page readonly
|
||
|
1D089C6A000
|
heap
|
page read and write
|
||
|
1DCCD658000
|
heap
|
page read and write
|
||
|
91BA1FF000
|
stack
|
page read and write
|
||
|
11D59202000
|
heap
|
page read and write
|
||
|
2292DC46000
|
heap
|
page read and write
|
||
|
20BDD300000
|
heap
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
23F73827000
|
heap
|
page read and write
|
||
|
C3ADDFF000
|
stack
|
page read and write
|
||
|
C43C5AC000
|
stack
|
page read and write
|
||
|
1D089C6D000
|
heap
|
page read and write
|
||
|
23928A00000
|
heap
|
page read and write
|
||
|
11D58850000
|
heap
|
page read and write
|
||
|
1D089C48000
|
heap
|
page read and write
|
||
|
174DC7C000
|
stack
|
page read and write
|
||
|
11D58A3E000
|
heap
|
page read and write
|
||
|
23F73830000
|
heap
|
page read and write
|
||
|
23F72E94000
|
heap
|
page read and write
|
||
|
10008000
|
unkown
|
page readonly
|
||
|
20BDD45B000
|
heap
|
page read and write
|
||
|
91B9FFE000
|
stack
|
page read and write
|
||
|
20BDD46B000
|
heap
|
page read and write
|
||
|
1D089C23000
|
heap
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
2292DC13000
|
heap
|
page read and write
|
||
|
1DCCD689000
|
heap
|
page read and write
|
||
|
23F72E00000
|
heap
|
page read and write
|
||
|
23F72FB9000
|
heap
|
page read and write
|
||
|
91B9CFE000
|
stack
|
page read and write
|
||
|
23F72E43000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
10006000
|
unkown
|
page readonly
|
||
|
23928A7A000
|
heap
|
page read and write
|
||
|
1DCCD682000
|
heap
|
page read and write
|
||
|
157D4C02000
|
heap
|
page read and write
|
||
|
1DCCEFE0000
|
remote allocation
|
page read and write
|
||
|
C3ADEFE000
|
stack
|
page read and write
|
||
|
174DBFF000
|
stack
|
page read and write
|
||
|
1D089C30000
|
heap
|
page read and write
|
||
|
23F72E70000
|
heap
|
page read and write
|
||
|
1DCCD662000
|
heap
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
23928A56000
|
heap
|
page read and write
|
||
|
1D089C3D000
|
heap
|
page read and write
|
||
|
4DC6DFE000
|
stack
|
page read and write
|
||
|
1DCCD648000
|
heap
|
page read and write
|
||
|
1DCCF002000
|
trusted library allocation
|
page read and write
|
||
|
E5327D000
|
stack
|
page read and write
|
||
|
174D53C000
|
stack
|
page read and write
|
||
|
1D089C32000
|
heap
|
page read and write
|
||
|
91BA4FF000
|
stack
|
page read and write
|
||
|
1D089C84000
|
heap
|
page read and write
|
||
|
1D089C62000
|
heap
|
page read and write
|
||
|
C3AD9FC000
|
stack
|
page read and write
|
||
|
1DCCD658000
|
heap
|
page read and write
|
||
|
4DC687B000
|
stack
|
page read and write
|
||
|
11D587E0000
|
heap
|
page read and write
|
||
|
303E000
|
stack
|
page read and write
|
||
|
11D58A87000
|
heap
|
page read and write
|
||
|
1D089C7A000
|
heap
|
page read and write
|
||
|
2292DD02000
|
heap
|
page read and write
|
||
|
E5317E000
|
stack
|
page read and write
|
||
|
23928B00000
|
heap
|
page read and write
|
||
|
1D089C6F000
|
heap
|
page read and write
|
||
|
20BDD402000
|
heap
|
page read and write
|
||
|
8719BFE000
|
stack
|
page read and write
|
||
|
91BA3FF000
|
stack
|
page read and write
|
||
|
871997E000
|
stack
|
page read and write
|
||
|
1DCCD600000
|
heap
|
page read and write
|
||
|
23928970000
|
heap
|
page read and write
|
||
|
91BA2FF000
|
stack
|
page read and write
|
||
|
20BDD441000
|
heap
|
page read and write
|
||
|
1DCCD626000
|
heap
|
page read and write
|
||
|
1D089C13000
|
heap
|
page read and write
|
||
|
174DDFB000
|
stack
|
page read and write
|
||
|
9D4587A000
|
stack
|
page read and write
|
||
|
316F000
|
stack
|
page read and write
|
||
|
23F72E8D000
|
heap
|
page read and write
|
||
|
174E0FC000
|
stack
|
page read and write
|
||
|
157D4B60000
|
heap
|
page read and write
|
||
|
2292DAD0000
|
heap
|
page read and write
|
||
|
23928A64000
|
heap
|
page read and write
|
||
|
E533FD000
|
stack
|
page read and write
|
||
|
91B9B7B000
|
stack
|
page read and write
|
||
|
1DCCEFA0000
|
trusted library allocation
|
page read and write
|
||
|
2292E3C0000
|
trusted library allocation
|
page read and write
|
||
|
1D08A402000
|
trusted library allocation
|
page read and write
|
||
|
11D58B02000
|
heap
|
page read and write
|
||
|
1D089C45000
|
heap
|
page read and write
|
||
|
8719AFE000
|
stack
|
page read and write
|
||
|
20BDDC02000
|
trusted library allocation
|
page read and write
|
||
|
23F7376F000
|
heap
|
page read and write
|
||
|
E52FFF000
|
stack
|
page read and write
|
||
|
23F72C00000
|
heap
|
page read and write
|
||
|
157D5602000
|
trusted library allocation
|
page read and write
|
||
|
1DCCD700000
|
heap
|
page read and write
|
||
|
1D089C29000
|
heap
|
page read and write
|
||
|
23F73722000
|
heap
|
page read and write
|
||
|
1D089C74000
|
heap
|
page read and write
|
||
|
20BDD290000
|
heap
|
page read and write
|
||
|
23F72F8E000
|
heap
|
page read and write
|
||
|
1D089C60000
|
heap
|
page read and write
|
||
|
C43CDFF000
|
stack
|
page read and write
|
||
|
1D089C42000
|
heap
|
page read and write
|
||
|
2292DC00000
|
heap
|
page read and write
|
||
|
C3ADB7E000
|
stack
|
page read and write
|
||
|
23F72E92000
|
heap
|
page read and write
|
||
|
9D4547B000
|
stack
|
page read and write
|
||
|
1DCCD71C000
|
heap
|
page read and write
|
||
|
23928A28000
|
heap
|
page read and write
|
||
|
1D089C50000
|
heap
|
page read and write
|
||
|
157D4C57000
|
heap
|
page read and write
|
||
|
23928A02000
|
heap
|
page read and write
|
||
|
11D58A6E000
|
heap
|
page read and write
|
||
|
91B971C000
|
stack
|
page read and write
|
||
|
1D089D02000
|
heap
|
page read and write
|
||
|
23F72D20000
|
trusted library allocation
|
page read and write
|
||
|
174E1FF000
|
stack
|
page read and write
|
||
|
23F72BA0000
|
heap
|
page read and write
|
||
|
2292DC02000
|
heap
|
page read and write
|
||
|
1D089A50000
|
heap
|
page read and write
|
||
|
8719DFE000
|
stack
|
page read and write
|
||
|
E5307C000
|
stack
|
page read and write
|
||
|
1D089C68000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
23F72D00000
|
trusted library allocation
|
page read and write
|
||
|
23F737BD000
|
heap
|
page read and write
|
||
|
174DD7D000
|
stack
|
page read and write
|
||
|
1D089C00000
|
heap
|
page read and write
|
||
|
4DC6A7C000
|
stack
|
page read and write
|
||
|
11D58A29000
|
heap
|
page read and write
|
||
|
11D58A00000
|
heap
|
page read and write
|
||
|
2D4B000
|
stack
|
page read and write
|
||
|
23F73702000
|
heap
|
page read and write
|
||
|
325A000
|
heap
|
page read and write
|
||
|
2292DB20000
|
heap
|
page read and write
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
20BDD502000
|
heap
|
page read and write
|
||
|
1D089C56000
|
heap
|
page read and write
|
||
|
23F72E3C000
|
heap
|
page read and write
|
||
|
23F73602000
|
heap
|
page read and write
|
||
|
4DC71FC000
|
stack
|
page read and write
|
||
|
1D089C47000
|
heap
|
page read and write
|
||
|
1DCCEFE0000
|
remote allocation
|
page read and write
|
||
|
1DCCD440000
|
heap
|
page read and write
|
||
|
20BDD463000
|
heap
|
page read and write
|
||
|
CEB000
|
heap
|
page read and write
|
||
|
1D089C77000
|
heap
|
page read and write
|
||
|
23F73754000
|
heap
|
page read and write
|
||
|
23F73802000
|
heap
|
page read and write
|
||
|
23928A13000
|
heap
|
page read and write
|
||
|
157D4BC0000
|
remote allocation
|
page read and write
|
||
|
C3AD8FE000
|
stack
|
page read and write
|
||
|
23F72E43000
|
heap
|
page read and write
|
||
|
1D089C4F000
|
heap
|
page read and write
|
||
|
1D089B50000
|
trusted library allocation
|
page read and write
|
||
|
C3ADA79000
|
stack
|
page read and write
|
||
|
23F73743000
|
heap
|
page read and write
|
||
|
1DCCD450000
|
heap
|
page read and write
|
||
|
11D58B13000
|
heap
|
page read and write
|
||
|
10006000
|
unkown
|
page readonly
|
||
|
C3ADC7A000
|
stack
|
page read and write
|
||
|
871987C000
|
stack
|
page read and write
|
||
|
23F72E13000
|
heap
|
page read and write
|
||
|
91BA0FF000
|
stack
|
page read and write
|
||
|
11D58A13000
|
heap
|
page read and write
|
||
|
2D0C000
|
stack
|
page read and write
|
||
|
239289D0000
|
heap
|
page read and write
|
||
|
C43CBFB000
|
stack
|
page read and write
|
||
|
C3AD7FA000
|
stack
|
page read and write
|
||
|
23F73823000
|
heap
|
page read and write
|
||
|
1DCCD5B0000
|
trusted library allocation
|
page read and write
|
||
|
11D587F0000
|
heap
|
page read and write
|
||
|
C3ADD7F000
|
stack
|
page read and write
|
||
|
1D089C49000
|
heap
|
page read and write
|
||
|
1DCCD63D000
|
heap
|
page read and write
|
||
|
2292DC37000
|
heap
|
page read and write
|
||
|
23F73700000
|
heap
|
page read and write
|
||
|
157D4C00000
|
heap
|
page read and write
|
||
|
1DCCD713000
|
heap
|
page read and write
|
||
|
87198FE000
|
stack
|
page read and write
|
||
|
11D58AE7000
|
heap
|
page read and write
|
There are 284 hidden memdumps, click here to show them.