Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
main2.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_c55aaf39bde8f13d445c6aad2c0a878a5c24_82810a17_1d05b9a9\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_c55aaf39bde8f13d445c6aad2c0a878a5c24_82810a17_1d1db9c8\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_c55aaf39bde8f13d445c6aad2c0a878a5c24_82810a17_1e81c6c8\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_c56e6db63eb6a43e45028e0a8fb2e35516856f4_82810a17_1e71ba64\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_c56e6db63eb6a43e45028e0a8fb2e35516856f4_82810a17_1e91c745\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9AB7.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 01:09:37 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9AC6.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 01:09:37 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9CAC.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9CBB.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9CEB.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9CFB.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAFA6.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 01:09:42 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB13D.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB19C.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBF27.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 01:09:46 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBF65.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 01:09:46 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC0AF.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC0FD.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC11D.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC15B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 63843 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\TBWYS6DL.htm
|
HTML document, ASCII text, with very long lines (64945)
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\t5[1]
|
ASCII text, with very long lines (1000), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\upgrade-browser[1].htm
|
HTML document, Unicode text, UTF-8 text, with very long lines (4345)
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 18 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\main2.dll"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\main2.dll",#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\main2.dll,mv_add_i
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\main2.dll",#1
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 652
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 660
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\main2.dll,mv_add_q
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\main2.dll,mv_add_stable
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 656
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\main2.dll",mv_add_i
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\main2.dll",mv_add_q
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\main2.dll",mv_add_stable
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\main2.dll",next
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\main2.dll",mvutil_license
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\main2.dll",mvutil_configuration
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 656
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 660
|
|
|
|
C:\Windows\SysWOW64\wermgr.exe
|
C:\Windows\SysWOW64\wermgr.exe
|
|
|
|
C:\Windows\SysWOW64\ipconfig.exe
|
ipconfig /all
|
|
|
|
C:\Windows\SysWOW64\whoami.exe
|
whoami /all
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
There are 14 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://s.yimg.com/ss/rapid-3.53.38.js
|
unknown
|
||
|
https://s.yimg.com/cx/pv/perf-vitals_3.1.0.js
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/mSue5SVNN_TGu6vhxeFaIQ--~B/Zmk9c3RyaW07aD0zODg7cT05NTt3PTcyMDthcHB
|
unknown
|
||
|
https://s.yimg.com/aaq/spotim/
|
unknown
|
||
|
https://s2.go-mpulse.net/boomerang/
|
unknown
|
||
|
https://developer.oracle.com/
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/k6Yan1hmgAcQ_.RyIRyjKA--~B/Zmk9c3RyaW07aD0xNDA7cT05MDt3PTE0MDthcHB
|
unknown
|
||
|
https://tags.tiqcdn.com/
|
unknown
|
||
|
https://www.oracle.com/asset/web/fonts/redwoodicons.woff2
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/JB3oERIZNZLPfu6X4e9z6A--~B/Zmk9c3RyaW07aD0yNDY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://consent.trustarc.com
|
unknown
|
||
|
https://fp-graviton-home-gateway.media.yahoo.com/
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/gQ4w2GlaUg5XgxXVq6fU_w--~B/Zmk9c3RyaW07aD0yNDY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://6.ras.yahoo.com/adcount%7C2.0%7C5113.1%7C4830441%7C0%7C225%7CAdId=11101911;BnId=2;ct=2070467
|
unknown
|
||
|
https://openweb.jac.yahoosandbox.com
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/iqJCDdqoBvMFTq393T2TJw--~B/Zmk9c3RyaW07aD0yNDY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://www.oracle.com/asset/web/favicons/favicon-192.png
|
unknown
|
||
|
https://www.oracle.com/upgrade-browser/
|
unknown
|
||
|
https://yahoo.com/
|
54.161.105.65
|
||
|
https://d.oracleinfinity.io
|
unknown
|
||
|
https://www.ad.com/?utm_source=yahoo-home&utm_medium=referral&utm_campaign=ad-feedback"
|
unknown
|
||
|
https://www.oracle.com/asset/web/fonts/oraclesansvf.woff2
|
unknown
|
||
|
https://academy.oracle.com/en/oa-web-overview.html
|
unknown
|
||
|
https://s.go-mpulse.net/boomerang/
|
unknown
|
||
|
https://investor.oracle.com/home/default.aspx
|
unknown
|
||
|
https://search.yahoo.com/search?p=
|
unknown
|
||
|
https://www.google.com/chrome/
|
unknown
|
||
|
http://schema.org
|
unknown
|
||
|
http://www.opensource.org/licenses/mit-license.php
|
unknown
|
||
|
https://legal.yahoo.com/us/en/yahoo/privacy/adinfo/index.html"
|
unknown
|
||
|
https://tms.oracle.com/
|
unknown
|
||
|
https://oracle.com/
|
147.154.26.35
|
||
|
https://streams.videolan.org/upload/
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/QfDZyyWWOuopF7byq4JOPw--~B/Zmk9c3RyaW07aD0xNDA7cT05MDt3PTE0MDthcHB
|
unknown
|
||
|
https://developer.oracle.com/community/events/devlive-level-up-march-2023-recordings.html
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/.qI7oCjOo8kDU9oJt_JGgg--~B/Zmk9c3RyaW07aD0zODY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://twitter.com/oracle
|
unknown
|
||
|
https://www.youtube.com/oracle/
|
unknown
|
||
|
https://c.go-mpulse.net
|
unknown
|
||
|
https://s.yimg.com/aaq/nel/js/spotIm.custom.SpotIMJAC.modal.9d3270fa67932556c75baaed2c09c955.js
|
unknown
|
||
|
https://dc.oracleinfinity.io
|
unknown
|
||
|
https://s.yimg.com/aaq/hc/homepage-pwa-defer-1.1.6.js
|
unknown
|
||
|
https://www.oracle.com/corporate/accessibility/
|
unknown
|
||
|
https://www.oracle.com/asset/web/favicons/favicon-128.png
|
unknown
|
||
|
https://tms.oracle.com/main/prod/utag.js
|
unknown
|
||
|
https://www.oracle.com/asset/web/favicons/favicon-32.png
|
unknown
|
||
|
https://s.yimg.com/aaq/vzm/cs_1.4.0.js
|
unknown
|
||
|
https://search.oracle.com/events?q=&lang=english
|
unknown
|
||
|
http://www.yahoo.com/
|
87.248.100.215
|
||
|
https://tms.oracle.com/main/prod/utag.sync.js
|
unknown
|
||
|
https://www.oracle.com/asset/web/favicons/favicon-152.png
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://developer.oracle.com/python/what-is-python/
|
unknown
|
||
|
https://s.yimg.com/uc/sf/0.1.322/js/safe.min.js
|
unknown
|
||
|
https://www.yahoo.com/
|
87.248.100.215
|
||
|
https://www.yahoo.com/px.gif
|
unknown
|
||
|
https://www.oracle.com/
|
unknown
|
||
|
https://oracle.112.2o7.net
|
unknown
|
||
|
https://go.oracle.com/subscriptions
|
unknown
|
||
|
https://www.oracle.com/asset/web/favicons/favicon-180.png
|
unknown
|
||
|
https://6.ras.yahoo.com/adcount%7C2.0%7C5113.1%7C4830424%7C0%7C0%7CAdId=-41;BnId=0;ct=2070467765;st=
|
unknown
|
||
|
https://s.yimg.com/aaq/wf/wf-core-1.63.0.js
|
unknown
|
||
|
https://sb.scorecardresearch.com/p?c1=2&c2=7241469&c5=2023538075&c7=https%3A%2F%2Fwww.yahoo.com%2F&c
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/_thhUXx96QwnlqajJOOzag--~B/Zmk9c3RyaW07aD0yNDY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://s.yimg.com/nn/lib/metro/g/myy/advertisement_0.0.19.js
|
unknown
|
||
|
https://profile.oracle.com/myprofile/account/create-account.jspx
|
unknown
|
||
|
https://tms.oracle.com/main/dev/utag.js
|
unknown
|
||
|
https://www.linkedin.com/company/oracle/
|
unknown
|
||
|
https://yep.video.yahoo.com/oath/js/1/oath-player.js?ypv=8.5.43&lang=en-US
|
unknown
|
||
|
https://blogs.oracle.com/
|
unknown
|
||
|
https://www.oracle.com/asset/web/favicons/favicon-120.png
|
unknown
|
||
|
https://s.go-mpulse.net
|
unknown
|
||
|
https://www.oracle.com/webapps/redirect/signon?nexturl=
|
unknown
|
||
|
https://openweb.jac.yahoosandbox.com/1.5.0/jac.js
|
unknown
|
There are 64 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
new-fp-shed.wg1.b.yahoo.com
|
87.248.100.215
|
||
|
oracle.com
|
147.154.26.35
|
||
|
yahoo.com
|
54.161.105.65
|
||
|
www.yahoo.com
|
unknown
|
||
|
www.oracle.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
2.82.8.80
|
unknown
|
Portugal
|
|
|
|
70.160.67.203
|
unknown
|
United States
|
|
|
|
75.143.236.149
|
unknown
|
United States
|
|
|
|
83.110.223.61
|
unknown
|
United Arab Emirates
|
|
|
|
86.195.14.72
|
unknown
|
France
|
|
|
|
84.215.202.8
|
unknown
|
Norway
|
|
|
|
184.182.66.109
|
unknown
|
United States
|
|
|
|
105.184.103.97
|
unknown
|
South Africa
|
|
|
|
92.186.69.229
|
unknown
|
France
|
|
|
|
174.4.89.3
|
unknown
|
Canada
|
|
|
|
161.142.103.187
|
unknown
|
Malaysia
|
|
|
|
114.143.176.236
|
unknown
|
India
|
|
|
|
14.192.241.76
|
unknown
|
Malaysia
|
|
|
|
173.88.135.179
|
unknown
|
United States
|
|
|
|
84.108.200.161
|
unknown
|
Israel
|
|
|
|
47.34.30.133
|
unknown
|
United States
|
|
|
|
183.87.163.165
|
unknown
|
India
|
|
|
|
124.149.143.189
|
unknown
|
Australia
|
|
|
|
184.181.75.148
|
unknown
|
United States
|
|
|
|
84.35.26.14
|
unknown
|
Netherlands
|
|
|
|
73.29.92.128
|
unknown
|
United States
|
|
|
|
68.203.69.96
|
unknown
|
United States
|
|
|
|
82.131.141.209
|
unknown
|
Hungary
|
|
|
|
64.121.161.102
|
unknown
|
United States
|
|
|
|
178.175.187.254
|
unknown
|
Moldova Republic of
|
|
|
|
96.56.197.26
|
unknown
|
United States
|
|
|
|
186.64.67.30
|
unknown
|
Argentina
|
|
|
|
188.28.19.84
|
unknown
|
United Kingdom
|
|
|
|
125.99.76.102
|
unknown
|
India
|
|
|
|
81.101.185.146
|
unknown
|
United Kingdom
|
|
|
|
86.176.144.234
|
unknown
|
United Kingdom
|
|
|
|
59.28.84.65
|
unknown
|
Korea Republic of
|
|
|
|
76.86.31.59
|
unknown
|
United States
|
|
|
|
147.147.30.126
|
unknown
|
United Kingdom
|
|
|
|
96.87.28.170
|
unknown
|
United States
|
|
|
|
75.109.111.89
|
unknown
|
United States
|
|
|
|
78.92.133.215
|
unknown
|
Hungary
|
|
|
|
124.122.47.148
|
unknown
|
Thailand
|
|
|
|
88.126.94.4
|
unknown
|
France
|
|
|
|
51.14.29.227
|
unknown
|
United Kingdom
|
|
|
|
85.57.212.13
|
unknown
|
Spain
|
|
|
|
47.205.25.170
|
unknown
|
United States
|
|
|
|
95.45.50.93
|
unknown
|
Ireland
|
|
|
|
80.12.88.148
|
unknown
|
France
|
|
|
|
81.111.108.123
|
unknown
|
United Kingdom
|
|
|
|
69.133.162.35
|
unknown
|
United States
|
|
|
|
86.132.236.117
|
unknown
|
United Kingdom
|
|
|
|
151.62.238.176
|
unknown
|
Italy
|
|
|
|
70.112.206.5
|
unknown
|
United States
|
|
|
|
41.228.224.161
|
unknown
|
Tunisia
|
|
|
|
205.237.67.69
|
unknown
|
Canada
|
|
|
|
102.159.188.125
|
unknown
|
Tunisia
|
|
|
|
151.65.167.77
|
unknown
|
Italy
|
|
|
|
76.178.148.107
|
unknown
|
United States
|
|
|
|
89.36.206.69
|
unknown
|
Italy
|
|
|
|
69.242.31.249
|
unknown
|
United States
|
|
|
|
85.104.105.67
|
unknown
|
Turkey
|
|
|
|
94.207.104.225
|
unknown
|
United Arab Emirates
|
|
|
|
193.253.100.236
|
unknown
|
France
|
|
|
|
76.16.49.134
|
unknown
|
United States
|
|
|
|
201.244.108.183
|
unknown
|
Colombia
|
|
|
|
103.42.86.42
|
unknown
|
India
|
|
|
|
78.18.105.11
|
unknown
|
Ireland
|
|
|
|
80.6.50.34
|
unknown
|
United Kingdom
|
|
|
|
103.144.201.56
|
unknown
|
unknown
|
|
|
|
27.0.48.233
|
unknown
|
India
|
|
|
|
70.28.50.223
|
unknown
|
Canada
|
|
|
|
98.145.23.67
|
unknown
|
United States
|
|
|
|
82.125.44.236
|
unknown
|
France
|
|
|
|
81.229.117.95
|
unknown
|
Sweden
|
|
|
|
89.129.109.27
|
unknown
|
Spain
|
|
|
|
122.186.210.254
|
unknown
|
India
|
|
|
|
79.77.142.22
|
unknown
|
United Kingdom
|
|
|
|
90.78.147.141
|
unknown
|
France
|
|
|
|
122.184.143.86
|
unknown
|
India
|
|
|
|
186.75.95.6
|
unknown
|
Panama
|
|
|
|
50.68.186.195
|
unknown
|
Canada
|
|
|
|
12.172.173.82
|
unknown
|
United States
|
|
|
|
213.64.33.61
|
unknown
|
Sweden
|
|
|
|
79.168.224.165
|
unknown
|
Portugal
|
|
|
|
176.142.207.63
|
unknown
|
France
|
|
|
|
86.173.2.12
|
unknown
|
United Kingdom
|
|
|
|
92.154.17.149
|
unknown
|
France
|
|
|
|
78.160.146.127
|
unknown
|
Turkey
|
|
|
|
58.186.75.42
|
unknown
|
Viet Nam
|
|
|
|
223.166.13.95
|
unknown
|
China
|
|
|
|
65.95.141.84
|
unknown
|
Canada
|
|
|
|
50.68.204.71
|
unknown
|
Canada
|
|
|
|
71.38.155.217
|
unknown
|
United States
|
|
|
|
220.240.164.182
|
unknown
|
Australia
|
|
|
|
103.123.223.133
|
unknown
|
India
|
|
|
|
24.198.114.130
|
unknown
|
United States
|
|
|
|
2.36.64.159
|
unknown
|
Italy
|
|
|
|
198.2.51.242
|
unknown
|
United States
|
|
|
|
92.9.45.20
|
unknown
|
United Kingdom
|
|
|
|
113.11.92.30
|
unknown
|
Bangladesh
|
|
|
|
147.154.26.35
|
oracle.com
|
United States
|
||
|
54.161.105.65
|
yahoo.com
|
United States
|
||
|
87.248.100.215
|
new-fp-shed.wg1.b.yahoo.com
|
United Kingdom
|
||
|
192.168.2.1
|
unknown
|
unknown
|
There are 90 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C00949CF1899
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHivePermissionsCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHiveOwnerCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
\REGISTRY\A\{a11be96c-3191-167b-9123-1d6c5b7cffd8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProgramId
|
||
|
\REGISTRY\A\{a11be96c-3191-167b-9123-1d6c5b7cffd8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
FileId
|
||
|
\REGISTRY\A\{a11be96c-3191-167b-9123-1d6c5b7cffd8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{a11be96c-3191-167b-9123-1d6c5b7cffd8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LongPathHash
|
||
|
\REGISTRY\A\{a11be96c-3191-167b-9123-1d6c5b7cffd8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Name
|
||
|
\REGISTRY\A\{a11be96c-3191-167b-9123-1d6c5b7cffd8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Publisher
|
||
|
\REGISTRY\A\{a11be96c-3191-167b-9123-1d6c5b7cffd8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Version
|
||
|
\REGISTRY\A\{a11be96c-3191-167b-9123-1d6c5b7cffd8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinFileVersion
|
||
|
\REGISTRY\A\{a11be96c-3191-167b-9123-1d6c5b7cffd8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinaryType
|
||
|
\REGISTRY\A\{a11be96c-3191-167b-9123-1d6c5b7cffd8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductName
|
||
|
\REGISTRY\A\{a11be96c-3191-167b-9123-1d6c5b7cffd8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductVersion
|
||
|
\REGISTRY\A\{a11be96c-3191-167b-9123-1d6c5b7cffd8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LinkDate
|
||
|
\REGISTRY\A\{a11be96c-3191-167b-9123-1d6c5b7cffd8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinProductVersion
|
||
|
\REGISTRY\A\{a11be96c-3191-167b-9123-1d6c5b7cffd8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Size
|
||
|
\REGISTRY\A\{a11be96c-3191-167b-9123-1d6c5b7cffd8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Language
|
||
|
\REGISTRY\A\{a11be96c-3191-167b-9123-1d6c5b7cffd8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsPeFile
|
||
|
\REGISTRY\A\{a11be96c-3191-167b-9123-1d6c5b7cffd8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsOsComponent
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C00949CF1899
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C00949CF1899
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Gyrrcyajw
|
720f58e0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Gyrrcyajw
|
479088ae
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Gyrrcyajw
|
45d1a8d2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Gyrrcyajw
|
fd6dcfb7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Gyrrcyajw
|
8065803d
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Gyrrcyajw
|
38d9e758
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Gyrrcyajw
|
ff2cefcb
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Gyrrcyajw
|
d463716
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Gyrrcyajw
|
da47b017
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Gyrrcyajw
|
c0885830
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Gyrrcyajw
|
d23df7de
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Gyrrcyajw
|
af35b854
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Gyrrcyajw
|
720f58e0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Gyrrcyajw
|
720f58e0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Gyrrcyajw
|
720f58e0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Gyrrcyajw
|
720f58e0
|
There are 40 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4FA000
|
heap
|
page read and write
|
|
|
|
E30000
|
heap
|
page read and write
|
|
|
|
212FF750000
|
trusted library allocation
|
page read and write
|
||
|
49C1000
|
heap
|
page read and write
|
||
|
1AD000
|
stack
|
page read and write
|
||
|
7C1000
|
direct allocation
|
page execute read
|
||
|
315A000
|
heap
|
page read and write
|
||
|
48C000
|
stack
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
2B36000
|
heap
|
page read and write
|
||
|
100AA000
|
unkown
|
page read and write
|
||
|
47E0000
|
heap
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
1386788A000
|
heap
|
page read and write
|
||
|
6DED000
|
heap
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
212FFFC0000
|
trusted library allocation
|
page read and write
|
||
|
ED1000
|
heap
|
page read and write
|
||
|
101D8000
|
unkown
|
page readonly
|
||
|
5630000
|
heap
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
5B19000
|
heap
|
page read and write
|
||
|
31DE000
|
stack
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
AA0000
|
heap
|
page readonly
|
||
|
101E1000
|
unkown
|
page write copy
|
||
|
6DED000
|
heap
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
13867700000
|
trusted library allocation
|
page read and write
|
||
|
1386788D000
|
heap
|
page read and write
|
||
|
6D48000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
3526000
|
heap
|
page read and write
|
||
|
32CF000
|
stack
|
page read and write
|
||
|
1386784B000
|
heap
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
13867902000
|
trusted library allocation
|
page read and write
|
||
|
7543000
|
heap
|
page read and write
|
||
|
4D6F000
|
stack
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
6D4C000
|
heap
|
page read and write
|
||
|
1386788D000
|
heap
|
page read and write
|
||
|
844DF7E000
|
stack
|
page read and write
|
||
|
101FC000
|
unkown
|
page readonly
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
319E000
|
stack
|
page read and write
|
||
|
A9F000
|
stack
|
page read and write
|
||
|
101E1000
|
unkown
|
page write copy
|
||
|
4CB000
|
stack
|
page read and write
|
||
|
212FF570000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
4DE000
|
stack
|
page read and write
|
||
|
13867D02000
|
heap
|
page read and write
|
||
|
31DF000
|
stack
|
page read and write
|
||
|
6D4C000
|
heap
|
page read and write
|
||
|
D60000
|
trusted library allocation
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
760000
|
heap
|
page readonly
|
||
|
9CF000
|
stack
|
page read and write
|
||
|
650000
|
heap
|
page readonly
|
||
|
4980000
|
trusted library allocation
|
page read and write
|
||
|
5654000
|
heap
|
page read and write
|
||
|
5654000
|
heap
|
page read and write
|
||
|
13867D00000
|
heap
|
page read and write
|
||
|
31F0000
|
heap
|
page read and write
|
||
|
100AA000
|
unkown
|
page read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
6D3C000
|
heap
|
page read and write
|
||
|
13867760000
|
heap
|
page read and write
|
||
|
101DE000
|
unkown
|
page write copy
|
||
|
C00000
|
heap
|
page read and write
|
||
|
101E1000
|
unkown
|
page write copy
|
||
|
D10000
|
heap
|
page read and write
|
||
|
AD000
|
stack
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
566000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
21280380000
|
trusted library allocation
|
page read and write
|
||
|
E53000
|
heap
|
page read and write
|
||
|
233B000
|
stack
|
page read and write
|
||
|
16F1C79000
|
stack
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
C9D000
|
stack
|
page read and write
|
||
|
48AF000
|
stack
|
page read and write
|
||
|
100AB000
|
unkown
|
page readonly
|
||
|
100AA000
|
unkown
|
page read and write
|
||
|
6D4C000
|
heap
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
100A000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
101DE000
|
unkown
|
page write copy
|
||
|
2290000
|
heap
|
page read and write
|
||
|
FBE000
|
stack
|
page read and write
|
||
|
703D000
|
heap
|
page read and write
|
||
|
6DBC000
|
heap
|
page read and write
|
||
|
D70000
|
heap
|
page readonly
|
||
|
5630000
|
heap
|
page read and write
|
||
|
212FF7B5000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
212FF5BF000
|
heap
|
page read and write
|
||
|
100AA000
|
unkown
|
page read and write
|
||
|
318E000
|
stack
|
page read and write
|
||
|
45D0000
|
heap
|
page read and write
|
||
|
4632000
|
heap
|
page read and write
|
||
|
5654000
|
heap
|
page read and write
|
||
|
E1F000
|
stack
|
page read and write
|
||
|
100AA000
|
unkown
|
page read and write
|
||
|
87A000
|
heap
|
page read and write
|
||
|
16F1A7D000
|
stack
|
page read and write
|
||
|
1386784B000
|
heap
|
page read and write
|
||
|
27C7000
|
heap
|
page read and write
|
||
|
6EDC000
|
heap
|
page read and write
|
||
|
6DED000
|
heap
|
page read and write
|
||
|
101DD000
|
unkown
|
page read and write
|
||
|
674000
|
heap
|
page read and write
|
||
|
5630000
|
heap
|
page read and write
|
||
|
99C000
|
stack
|
page read and write
|
||
|
4980000
|
trusted library allocation
|
page read and write
|
||
|
DBF000
|
unkown
|
page read and write
|
||
|
100AB000
|
unkown
|
page readonly
|
||
|
13867879000
|
heap
|
page read and write
|
||
|
13867848000
|
heap
|
page read and write
|
||
|
D6C000
|
stack
|
page read and write
|
||
|
212FF3C0000
|
trusted library allocation
|
page read and write
|
||
|
6D3C000
|
heap
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
324E000
|
stack
|
page read and write
|
||
|
45FC000
|
heap
|
page read and write
|
||
|
212FF770000
|
trusted library allocation
|
page read and write
|
||
|
212FF5BF000
|
heap
|
page read and write
|
||
|
6D4C000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
5F13000
|
heap
|
page read and write
|
||
|
212FF7C0000
|
trusted library allocation
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
7D4F000
|
heap
|
page read and write
|
||
|
6D3C000
|
heap
|
page read and write
|
||
|
DFE000
|
stack
|
page read and write
|
||
|
13867C02000
|
heap
|
page read and write
|
||
|
13867915000
|
trusted library allocation
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
13867837000
|
heap
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
65EC000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
C6B000
|
stack
|
page read and write
|
||
|
212FF580000
|
heap
|
page read and write
|
||
|
7834000
|
heap
|
page read and write
|
||
|
674000
|
heap
|
page read and write
|
||
|
23DE000
|
stack
|
page read and write
|
||
|
674000
|
heap
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
5654000
|
heap
|
page read and write
|
||
|
6D48000
|
heap
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
320E000
|
stack
|
page read and write
|
||
|
100AA000
|
unkown
|
page read and write
|
||
|
EAF000
|
heap
|
page read and write
|
||
|
101D8000
|
unkown
|
page readonly
|
||
|
101FC000
|
unkown
|
page readonly
|
||
|
101DE000
|
unkown
|
page write copy
|
||
|
81F000
|
stack
|
page read and write
|
||
|
45F8000
|
heap
|
page read and write
|
||
|
49D1000
|
heap
|
page read and write
|
||
|
65EE000
|
heap
|
page read and write
|
||
|
7E2000
|
direct allocation
|
page readonly
|
||
|
7D43000
|
heap
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
31F0000
|
heap
|
page readonly
|
||
|
6DED000
|
heap
|
page read and write
|
||
|
6D48000
|
heap
|
page read and write
|
||
|
51C000
|
stack
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
4632000
|
heap
|
page read and write
|
||
|
461F000
|
heap
|
page read and write
|
||
|
40000
|
heap
|
page read and write
|
||
|
4980000
|
trusted library allocation
|
page read and write
|
||
|
101DD000
|
unkown
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
45EC000
|
heap
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
27B0000
|
heap
|
page read and write
|
||
|
7A0000
|
direct allocation
|
page execute read
|
||
|
101DE000
|
unkown
|
page write copy
|
||
|
1386784B000
|
heap
|
page read and write
|
||
|
13867813000
|
unkown
|
page read and write
|
||
|
478E000
|
stack
|
page read and write
|
||
|
7DA000
|
direct allocation
|
page readonly
|
||
|
6D48000
|
heap
|
page read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
101DD000
|
unkown
|
page read and write
|
||
|
3520000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
109B000
|
stack
|
page read and write
|
||
|
101DD000
|
unkown
|
page read and write
|
||
|
7C0000
|
direct allocation
|
page read and write
|
||
|
6D48000
|
heap
|
page read and write
|
||
|
674000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
4632000
|
heap
|
page read and write
|
||
|
212FFFE0000
|
trusted library allocation
|
page read and write
|
||
|
13867C13000
|
heap
|
page read and write
|
||
|
674000
|
heap
|
page read and write
|
||
|
101FC000
|
unkown
|
page readonly
|
||
|
36B0000
|
heap
|
page read and write
|
||
|
6022000
|
heap
|
page read and write
|
||
|
101E1000
|
unkown
|
page write copy
|
||
|
45C4000
|
heap
|
page read and write
|
||
|
32D8000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
4980000
|
trusted library allocation
|
page read and write
|
||
|
674000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
212FF5B7000
|
heap
|
page read and write
|
||
|
ED1000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
101DD000
|
unkown
|
page read and write
|
||
|
5100000
|
heap
|
page read and write
|
||
|
4980000
|
trusted library allocation
|
page read and write
|
||
|
4790000
|
heap
|
page readonly
|
||
|
101FC000
|
unkown
|
page readonly
|
||
|
FE0000
|
heap
|
page readonly
|
||
|
101D8000
|
unkown
|
page readonly
|
||
|
32E0000
|
heap
|
page readonly
|
||
|
6D3C000
|
heap
|
page read and write
|
||
|
844DFF9000
|
stack
|
page read and write
|
||
|
6DED000
|
heap
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
293F000
|
stack
|
page read and write
|
||
|
212FF5BF000
|
heap
|
page read and write
|
||
|
66F000
|
stack
|
page read and write
|
||
|
6D3C000
|
heap
|
page read and write
|
||
|
B0F000
|
stack
|
page read and write
|
||
|
212FF578000
|
heap
|
page read and write
|
||
|
6D3C000
|
heap
|
page read and write
|
||
|
5654000
|
heap
|
page read and write
|
||
|
101D8000
|
unkown
|
page readonly
|
||
|
45E000
|
stack
|
page read and write
|
||
|
13867879000
|
heap
|
page read and write
|
||
|
86E000
|
stack
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
212FFFD0000
|
heap
|
page readonly
|
||
|
EAF000
|
heap
|
page read and write
|
||
|
E10000
|
heap
|
page readonly
|
||
|
4632000
|
heap
|
page read and write
|
||
|
4632000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
5630000
|
heap
|
page read and write
|
||
|
36BA000
|
heap
|
page read and write
|
||
|
4980000
|
trusted library allocation
|
page read and write
|
||
|
100AB000
|
unkown
|
page readonly
|
||
|
4980000
|
trusted library allocation
|
page read and write
|
||
|
6D4C000
|
heap
|
page read and write
|
||
|
27C0000
|
heap
|
page read and write
|
||
|
5654000
|
heap
|
page read and write
|
||
|
6F14000
|
heap
|
page read and write
|
||
|
C52000
|
heap
|
page read and write
|
||
|
461F000
|
heap
|
page read and write
|
||
|
82A000
|
heap
|
page read and write
|
||
|
101DD000
|
unkown
|
page read and write
|
||
|
45D1000
|
heap
|
page read and write
|
||
|
5630000
|
heap
|
page read and write
|
||
|
101E1000
|
unkown
|
page write copy
|
||
|
13867837000
|
heap
|
page read and write
|
||
|
EDB000
|
stack
|
page read and write
|
||
|
9DB000
|
stack
|
page read and write
|
||
|
13867923000
|
heap
|
page read and write
|
||
|
4560000
|
trusted library allocation
|
page read and write
|
||
|
E0E000
|
stack
|
page read and write
|
||
|
212FF4F0000
|
heap
|
page read and write
|
||
|
4632000
|
heap
|
page read and write
|
||
|
D7D000
|
unkown
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
A3E000
|
stack
|
page read and write
|
||
|
13867900000
|
trusted library allocation
|
page read and write
|
||
|
101DE000
|
unkown
|
page write copy
|
||
|
62E000
|
stack
|
page read and write
|
||
|
4632000
|
heap
|
page read and write
|
||
|
6D48000
|
heap
|
page read and write
|
||
|
5654000
|
heap
|
page read and write
|
||
|
4632000
|
heap
|
page read and write
|
||
|
13867D13000
|
heap
|
page read and write
|
||
|
5CF9000
|
heap
|
page read and write
|
||
|
21280390000
|
heap
|
page read and write
|
||
|
65EB000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
D1A000
|
heap
|
page read and write
|
||
|
6D4C000
|
heap
|
page read and write
|
||
|
31C5000
|
heap
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
72F000
|
stack
|
page read and write
|
||
|
4632000
|
heap
|
page read and write
|
||
|
6D3C000
|
heap
|
page read and write
|
||
|
6D48000
|
heap
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
71C000
|
stack
|
page read and write
|
||
|
6D48000
|
heap
|
page read and write
|
||
|
6DED000
|
heap
|
page read and write
|
||
|
111E000
|
stack
|
page read and write
|
||
|
6D4C000
|
heap
|
page read and write
|
||
|
27DB000
|
heap
|
page read and write
|
||
|
212FF3B0000
|
heap
|
page read and write
|
||
|
13867D02000
|
heap
|
page read and write
|
||
|
272E000
|
stack
|
page read and write
|
||
|
4560000
|
trusted library allocation
|
page read and write
|
||
|
212FFDB0000
|
trusted library allocation
|
page read and write
|
||
|
484E000
|
stack
|
page read and write
|
||
|
100AB000
|
unkown
|
page readonly
|
||
|
6DED000
|
heap
|
page read and write
|
||
|
7548000
|
heap
|
page read and write
|
||
|
212FF510000
|
heap
|
page read and write
|
||
|
7DF000
|
direct allocation
|
page read and write
|
||
|
43B000
|
stack
|
page read and write
|
||
|
6DB000
|
stack
|
page read and write
|
||
|
4632000
|
heap
|
page read and write
|
||
|
3580000
|
heap
|
page read and write
|
||
|
47B000
|
stack
|
page read and write
|
||
|
4980000
|
trusted library allocation
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
703C000
|
heap
|
page read and write
|
||
|
6D3C000
|
heap
|
page read and write
|
||
|
26E0000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
6AE000
|
stack
|
page read and write
|
||
|
5630000
|
heap
|
page read and write
|
||
|
6D4C000
|
heap
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
27AE000
|
stack
|
page read and write
|
||
|
101FC000
|
unkown
|
page readonly
|
||
|
276E000
|
stack
|
page read and write
|
||
|
55B000
|
stack
|
page read and write
|
||
|
328E000
|
stack
|
page read and write
|
||
|
101FC000
|
unkown
|
page readonly
|
||
|
D8A000
|
heap
|
page read and write
|
||
|
138676F0000
|
heap
|
page read and write
|
||
|
101D8000
|
unkown
|
page readonly
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
5654000
|
heap
|
page read and write
|
||
|
45A1000
|
heap
|
page read and write
|
||
|
7832000
|
heap
|
page read and write
|
||
|
844DEF9000
|
stack
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
65E1000
|
heap
|
page read and write
|
||
|
212FF5D9000
|
heap
|
page read and write
|
||
|
100AB000
|
unkown
|
page readonly
|
||
|
5630000
|
heap
|
page read and write
|
||
|
328F000
|
stack
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
CDC000
|
stack
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
4629000
|
heap
|
page read and write
|
||
|
6D3C000
|
heap
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
75B000
|
stack
|
page read and write
|
||
|
1386784C000
|
heap
|
page read and write
|
||
|
101DE000
|
unkown
|
page write copy
|
||
|
101E1000
|
unkown
|
page write copy
|
||
|
69C000
|
stack
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
E9C000
|
stack
|
page read and write
|
||
|
844DE7A000
|
stack
|
page read and write
|
||
|
49C1000
|
heap
|
page read and write
|
||
|
DAB000
|
stack
|
page read and write
|
||
|
844DAFB000
|
stack
|
page read and write
|
||
|
21280340000
|
trusted library allocation
|
page read and write
|
||
|
DDE000
|
stack
|
page read and write
|
||
|
6D48000
|
heap
|
page read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
6DED000
|
heap
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
28FE000
|
stack
|
page read and write
|
||
|
AEA000
|
heap
|
page read and write
|
||
|
674000
|
heap
|
page read and write
|
||
|
7039000
|
heap
|
page read and write
|
||
|
317F000
|
stack
|
page read and write
|
||
|
CAB000
|
stack
|
page read and write
|
||
|
16F1F79000
|
stack
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
39A0000
|
heap
|
page read and write
|
||
|
212FF7B0000
|
heap
|
page read and write
|
||
|
4860000
|
heap
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
5654000
|
heap
|
page read and write
|
||
|
674000
|
heap
|
page read and write
|
||
|
212FF760000
|
trusted library allocation
|
page read and write
|
||
|
101D8000
|
unkown
|
page readonly
|
||
|
5630000
|
heap
|
page read and write
|
||
|
55B000
|
heap
|
page read and write
|
||
|
13867C00000
|
heap
|
page read and write
|
||
|
22FC000
|
stack
|
page read and write
|
||
|
3370000
|
heap
|
page read and write
|
||
|
7830000
|
heap
|
page read and write
|
||
|
4E20000
|
heap
|
page read and write
|
||
|
4980000
|
trusted library allocation
|
page read and write
|
||
|
13867828000
|
heap
|
page read and write
|
||
|
13867D13000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
6D4C000
|
heap
|
page read and write
|
||
|
5630000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
E3A000
|
heap
|
page read and write
|
||
|
105C000
|
stack
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
4632000
|
heap
|
page read and write
|
||
|
103E000
|
stack
|
page read and write
|
||
|
7835000
|
heap
|
page read and write
|
||
|
13867800000
|
unkown
|
page read and write
|
||
|
7036000
|
heap
|
page read and write
|
||
|
6DED000
|
heap
|
page read and write
|
||
|
100AB000
|
unkown
|
page readonly
|
||
|
7E0000
|
heap
|
page readonly
|
There are 418 hidden memdumps, click here to show them.