Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
licking.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_3b59b89922c4cddf77f72f6dd2d986ddcfc674cb_82810a17_13bb9ae6\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_3b59b89922c4cddf77f72f6dd2d986ddcfc674cb_82810a17_14339b25\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_3b59b89922c4cddf77f72f6dd2d986ddcfc674cb_82810a17_1cc7a70c\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_8fe1ff6253b685daeb750e0d8c1ede8ec9d8783_82810a17_1bab9b83\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_8fe1ff6253b685daeb750e0d8c1ede8ec9d8783_82810a17_1cb3a815\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7A9D.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 04:42:08 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7BA6.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 04:42:08 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D0F.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D2E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D6D.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D8D.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9086.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 04:42:14 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER91C0.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER91EF.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9F3C.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 04:42:18 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9FD8.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 04:42:18 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA131.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA19F.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA1CD.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA26A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\de-ch[1].htm
|
HTML document, Unicode text, UTF-8 text, with very long lines (3929), with CRLF, LF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.tmp
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.tmp.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 16 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\licking.dll"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\licking.dll",#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\licking.dll,mv_add_i
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\licking.dll",#1
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 660
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 672
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\licking.dll,mv_add_q
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\licking.dll,mv_add_stable
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 664
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\licking.dll",mv_add_i
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\licking.dll",mv_add_q
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\licking.dll",mv_add_stable
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\licking.dll",next
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\licking.dll",mvutil_license
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\licking.dll",mvutil_configuration
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 652
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 652
|
|
|
|
C:\Windows\SysWOW64\wermgr.exe
|
C:\Windows\SysWOW64\wermgr.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 9 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://outlook.live.com/owa/
|
unknown
|
||
|
https://www.onenote.com/?omkt=de-CH
|
unknown
|
||
|
https://js.monitor.azure.com
|
unknown
|
||
|
https://onedrive.live.com/about/de-ch/
|
unknown
|
||
|
https://lpcdn.lpsnmedia.net
|
unknown
|
||
|
https://www.skype.com/de/
|
unknown
|
||
|
https://www.youtube.com/user/MicrosoftCH
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://schema.org
|
unknown
|
||
|
https://mem.gfx.ms
|
unknown
|
||
|
https://aka.ms/yourcaliforniaprivacychoices
|
unknown
|
||
|
https://lptag.liveperson.net
|
unknown
|
||
|
https://analytics.tiktok.com
|
unknown
|
||
|
https://twitter.com/microsoft_ch
|
unknown
|
||
|
https://streams.videolan.org/upload/
|
unknown
|
||
|
https://www.instagram.com/microsoftch/
|
unknown
|
||
|
https://www.clarity.ms
|
unknown
|
||
|
https://accdn.lpsnmedia.net
|
unknown
|
||
|
https://www.linkedin.com/company/1035
|
unknown
|
||
|
https://cdnssl.clicktale.net/www32/ptc/05d32363-d534-4d93-9b65-cde674775e71.js
|
unknown
|
||
|
https://www.xbox.com/
|
unknown
|
||
|
https://cdnssl.clicktale.net
|
unknown
|
||
|
https://publisher.liveperson.net
|
unknown
|
||
|
http://schema.org/Organization
|
unknown
|
||
|
https://d.impactradius-event.com
|
unknown
|
||
|
https://start.microsoftapp.net/start?pc_campaign=UHF_Banner_15mkts&adjust=y9xgnyl_5sblqid"
|
unknown
|
There are 16 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
2.82.8.80
|
unknown
|
Portugal
|
|
|
|
70.160.67.203
|
unknown
|
United States
|
|
|
|
75.143.236.149
|
unknown
|
United States
|
|
|
|
83.110.223.61
|
unknown
|
United Arab Emirates
|
|
|
|
86.195.14.72
|
unknown
|
France
|
|
|
|
84.215.202.8
|
unknown
|
Norway
|
|
|
|
184.182.66.109
|
unknown
|
United States
|
|
|
|
92.186.69.229
|
unknown
|
France
|
|
|
|
174.4.89.3
|
unknown
|
Canada
|
|
|
|
161.142.103.187
|
unknown
|
Malaysia
|
|
|
|
114.143.176.236
|
unknown
|
India
|
|
|
|
14.192.241.76
|
unknown
|
Malaysia
|
|
|
|
173.88.135.179
|
unknown
|
United States
|
|
|
|
84.108.200.161
|
unknown
|
Israel
|
|
|
|
47.34.30.133
|
unknown
|
United States
|
|
|
|
183.87.163.165
|
unknown
|
India
|
|
|
|
184.181.75.148
|
unknown
|
United States
|
|
|
|
124.149.143.189
|
unknown
|
Australia
|
|
|
|
84.35.26.14
|
unknown
|
Netherlands
|
|
|
|
73.29.92.128
|
unknown
|
United States
|
|
|
|
68.203.69.96
|
unknown
|
United States
|
|
|
|
82.131.141.209
|
unknown
|
Hungary
|
|
|
|
64.121.161.102
|
unknown
|
United States
|
|
|
|
178.175.187.254
|
unknown
|
Moldova Republic of
|
|
|
|
96.56.197.26
|
unknown
|
United States
|
|
|
|
186.64.67.30
|
unknown
|
Argentina
|
|
|
|
188.28.19.84
|
unknown
|
United Kingdom
|
|
|
|
125.99.76.102
|
unknown
|
India
|
|
|
|
81.101.185.146
|
unknown
|
United Kingdom
|
|
|
|
59.28.84.65
|
unknown
|
Korea Republic of
|
|
|
|
105.186.128.181
|
unknown
|
South Africa
|
|
|
|
76.86.31.59
|
unknown
|
United States
|
|
|
|
147.147.30.126
|
unknown
|
United Kingdom
|
|
|
|
96.87.28.170
|
unknown
|
United States
|
|
|
|
75.109.111.89
|
unknown
|
United States
|
|
|
|
78.92.133.215
|
unknown
|
Hungary
|
|
|
|
124.122.47.148
|
unknown
|
Thailand
|
|
|
|
88.126.94.4
|
unknown
|
France
|
|
|
|
51.14.29.227
|
unknown
|
United Kingdom
|
|
|
|
85.57.212.13
|
unknown
|
Spain
|
|
|
|
47.205.25.170
|
unknown
|
United States
|
|
|
|
95.45.50.93
|
unknown
|
Ireland
|
|
|
|
80.12.88.148
|
unknown
|
France
|
|
|
|
69.133.162.35
|
unknown
|
United States
|
|
|
|
86.132.236.117
|
unknown
|
United Kingdom
|
|
|
|
151.62.238.176
|
unknown
|
Italy
|
|
|
|
70.112.206.5
|
unknown
|
United States
|
|
|
|
205.237.67.69
|
unknown
|
Canada
|
|
|
|
102.159.188.125
|
unknown
|
Tunisia
|
|
|
|
151.65.167.77
|
unknown
|
Italy
|
|
|
|
76.178.148.107
|
unknown
|
United States
|
|
|
|
89.36.206.69
|
unknown
|
Italy
|
|
|
|
69.242.31.249
|
unknown
|
United States
|
|
|
|
193.253.100.236
|
unknown
|
France
|
|
|
|
76.16.49.134
|
unknown
|
United States
|
|
|
|
94.207.104.225
|
unknown
|
United Arab Emirates
|
|
|
|
201.244.108.183
|
unknown
|
Colombia
|
|
|
|
103.42.86.42
|
unknown
|
India
|
|
|
|
78.18.105.11
|
unknown
|
Ireland
|
|
|
|
80.6.50.34
|
unknown
|
United Kingdom
|
|
|
|
103.144.201.56
|
unknown
|
unknown
|
|
|
|
27.0.48.233
|
unknown
|
India
|
|
|
|
70.28.50.223
|
unknown
|
Canada
|
|
|
|
98.145.23.67
|
unknown
|
United States
|
|
|
|
47.149.134.231
|
unknown
|
United States
|
|
|
|
82.125.44.236
|
unknown
|
France
|
|
|
|
81.229.117.95
|
unknown
|
Sweden
|
|
|
|
89.129.109.27
|
unknown
|
Spain
|
|
|
|
122.186.210.254
|
unknown
|
India
|
|
|
|
79.77.142.22
|
unknown
|
United Kingdom
|
|
|
|
90.78.147.141
|
unknown
|
France
|
|
|
|
122.184.143.86
|
unknown
|
India
|
|
|
|
186.75.95.6
|
unknown
|
Panama
|
|
|
|
50.68.186.195
|
unknown
|
Canada
|
|
|
|
12.172.173.82
|
unknown
|
United States
|
|
|
|
213.64.33.61
|
unknown
|
Sweden
|
|
|
|
79.168.224.165
|
unknown
|
Portugal
|
|
|
|
86.97.55.89
|
unknown
|
United Arab Emirates
|
|
|
|
176.142.207.63
|
unknown
|
France
|
|
|
|
92.154.17.149
|
unknown
|
France
|
|
|
|
174.58.146.57
|
unknown
|
United States
|
|
|
|
78.160.146.127
|
unknown
|
Turkey
|
|
|
|
58.186.75.42
|
unknown
|
Viet Nam
|
|
|
|
223.166.13.95
|
unknown
|
China
|
|
|
|
65.95.141.84
|
unknown
|
Canada
|
|
|
|
50.68.204.71
|
unknown
|
Canada
|
|
|
|
71.38.155.217
|
unknown
|
United States
|
|
|
|
104.35.24.154
|
unknown
|
United States
|
|
|
|
220.240.164.182
|
unknown
|
Australia
|
|
|
|
103.123.223.133
|
unknown
|
India
|
|
|
|
24.198.114.130
|
unknown
|
United States
|
|
|
|
2.36.64.159
|
unknown
|
Italy
|
|
|
|
198.2.51.242
|
unknown
|
United States
|
|
|
|
92.9.45.20
|
unknown
|
United Kingdom
|
|
|
|
113.11.92.30
|
unknown
|
Bangladesh
|
|
|
|
69.119.123.159
|
unknown
|
United States
|
|
|
|
69.123.4.221
|
unknown
|
United States
|
|
|
|
172.115.17.50
|
unknown
|
United States
|
|
|
|
77.86.98.236
|
unknown
|
United Kingdom
|
|
|
|
192.168.2.1
|
unknown
|
unknown
|
There are 90 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHivePermissionsCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHiveOwnerCorrect
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiOverridePath
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile
|
WritePermissionsCheck
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile
|
ProviderSyncId
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProgramId
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
FileId
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LongPathHash
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Name
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Publisher
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Version
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinFileVersion
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinaryType
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductName
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductVersion
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LinkDate
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinProductVersion
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Size
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Language
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsPeFile
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsOsComponent
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C0094A304B22
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C0094A304B22
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C0094A304B22
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
5b54e7f4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
6ecb37ba
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
6c8a17c6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
d43670a3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
a93e3f29
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
1182584c
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
d67750df
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
241d8802
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
5b54e7f4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
5b54e7f4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
5b54e7f4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
5b54e7f4
|
There are 40 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
DDA000
|
heap
|
page read and write
|
|
|
|
4910000
|
heap
|
page read and write
|
|
|
|
860000
|
heap
|
page read and write
|
||
|
100AD000
|
unkown
|
page read and write
|
||
|
65CF000
|
heap
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
14DC92F0000
|
trusted library allocation
|
page read and write
|
||
|
6664000
|
heap
|
page read and write
|
||
|
65DD000
|
heap
|
page read and write
|
||
|
69F000
|
stack
|
page read and write
|
||
|
35A0000
|
heap
|
page read and write
|
||
|
278620F0000
|
heap
|
page read and write
|
||
|
27862288000
|
heap
|
page read and write
|
||
|
101DF000
|
unkown
|
page read and write
|
||
|
31FF000
|
stack
|
page read and write
|
||
|
4E90000
|
heap
|
page read and write
|
||
|
33C000
|
stack
|
page read and write
|
||
|
6664000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
27862228000
|
heap
|
page read and write
|
||
|
14DC9338000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
FEE000
|
stack
|
page read and write
|
||
|
75A9000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
304F000
|
stack
|
page read and write
|
||
|
311F000
|
stack
|
page read and write
|
||
|
101E0000
|
unkown
|
page write copy
|
||
|
BF0000
|
heap
|
page readonly
|
||
|
65DD000
|
heap
|
page read and write
|
||
|
2786224A000
|
unkown
|
page read and write
|
||
|
B2B000
|
stack
|
page read and write
|
||
|
65CF000
|
heap
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
C64000
|
heap
|
page read and write
|
||
|
100AD000
|
unkown
|
page read and write
|
||
|
101DA000
|
unkown
|
page readonly
|
||
|
4E70000
|
heap
|
page read and write
|
||
|
27862400000
|
heap
|
page read and write
|
||
|
4A20000
|
heap
|
page read and write
|
||
|
6640000
|
heap
|
page read and write
|
||
|
101DA000
|
unkown
|
page readonly
|
||
|
100AE000
|
unkown
|
page readonly
|
||
|
65DD000
|
heap
|
page read and write
|
||
|
653C000
|
heap
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
65AD000
|
heap
|
page read and write
|
||
|
101DF000
|
unkown
|
page read and write
|
||
|
65CF000
|
heap
|
page read and write
|
||
|
47CA000
|
direct allocation
|
page readonly
|
||
|
7235000
|
heap
|
page read and write
|
||
|
101E0000
|
unkown
|
page write copy
|
||
|
498F000
|
heap
|
page read and write
|
||
|
13F253C000
|
stack
|
page read and write
|
||
|
FAF000
|
stack
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
27862500000
|
heap
|
page read and write
|
||
|
EDB000
|
stack
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
2786224D000
|
heap
|
page read and write
|
||
|
5DF0000
|
trusted library allocation
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
3550000
|
heap
|
page read and write
|
||
|
101DF000
|
unkown
|
page read and write
|
||
|
BFF000
|
stack
|
page read and write
|
||
|
C64000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
C64000
|
heap
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
79F7000
|
heap
|
page read and write
|
||
|
65AD000
|
heap
|
page read and write
|
||
|
653C000
|
heap
|
page read and write
|
||
|
90E000
|
stack
|
page read and write
|
||
|
6664000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
6538000
|
heap
|
page read and write
|
||
|
652C000
|
heap
|
page read and write
|
||
|
79E000
|
stack
|
page read and write
|
||
|
C64000
|
heap
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
101DA000
|
unkown
|
page readonly
|
||
|
870000
|
heap
|
page read and write
|
||
|
27862513000
|
heap
|
page read and write
|
||
|
C64000
|
heap
|
page read and write
|
||
|
653C000
|
heap
|
page read and write
|
||
|
6538000
|
heap
|
page read and write
|
||
|
49B0000
|
trusted library allocation
|
page read and write
|
||
|
65AD000
|
heap
|
page read and write
|
||
|
14DC9230000
|
heap
|
page read and write
|
||
|
6640000
|
heap
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
101DA000
|
unkown
|
page readonly
|
||
|
652C000
|
heap
|
page read and write
|
||
|
4F7A000
|
heap
|
page read and write
|
||
|
5E61000
|
heap
|
page read and write
|
||
|
EEA000
|
heap
|
page read and write
|
||
|
217F000
|
stack
|
page read and write
|
||
|
65DB000
|
heap
|
page read and write
|
||
|
652C000
|
heap
|
page read and write
|
||
|
6CF1000
|
heap
|
page read and write
|
||
|
65DB000
|
heap
|
page read and write
|
||
|
100AE000
|
unkown
|
page readonly
|
||
|
D30000
|
heap
|
page read and write
|
||
|
5E61000
|
heap
|
page read and write
|
||
|
4F3C000
|
heap
|
page read and write
|
||
|
FCE000
|
stack
|
page read and write
|
||
|
4570000
|
heap
|
page read and write
|
||
|
44E000
|
stack
|
page read and write
|
||
|
7C39000
|
heap
|
page read and write
|
||
|
6538000
|
heap
|
page read and write
|
||
|
101DF000
|
unkown
|
page read and write
|
||
|
101E3000
|
unkown
|
page write copy
|
||
|
6104000
|
heap
|
page read and write
|
||
|
AEC000
|
stack
|
page read and write
|
||
|
14DC9E30000
|
trusted library allocation
|
page read and write
|
||
|
5D0000
|
heap
|
page readonly
|
||
|
101E3000
|
unkown
|
page write copy
|
||
|
101E3000
|
unkown
|
page write copy
|
||
|
C50000
|
heap
|
page read and write
|
||
|
B9B000
|
stack
|
page read and write
|
||
|
101DF000
|
unkown
|
page read and write
|
||
|
27862413000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
65CF000
|
heap
|
page read and write
|
||
|
101DA000
|
unkown
|
page readonly
|
||
|
13F2A79000
|
stack
|
page read and write
|
||
|
27862514000
|
heap
|
page read and write
|
||
|
2786224C000
|
unkown
|
page read and write
|
||
|
47B1000
|
direct allocation
|
page execute read
|
||
|
5DF0000
|
trusted library allocation
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
101E3000
|
unkown
|
page write copy
|
||
|
101FE000
|
unkown
|
page readonly
|
||
|
65DB000
|
heap
|
page read and write
|
||
|
27862402000
|
heap
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
D30000
|
direct allocation
|
page execute read
|
||
|
D7E000
|
stack
|
page read and write
|
||
|
84DE000
|
heap
|
page read and write
|
||
|
101DA000
|
unkown
|
page readonly
|
||
|
653C000
|
heap
|
page read and write
|
||
|
14DC9374000
|
heap
|
page read and write
|
||
|
5DF0000
|
trusted library allocation
|
page read and write
|
||
|
6640000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
27862302000
|
trusted library allocation
|
page read and write
|
||
|
100AD000
|
unkown
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
100AD000
|
unkown
|
page read and write
|
||
|
652C000
|
heap
|
page read and write
|
||
|
65AD000
|
heap
|
page read and write
|
||
|
4A3F000
|
stack
|
page read and write
|
||
|
3297000
|
heap
|
page read and write
|
||
|
7098000
|
heap
|
page read and write
|
||
|
65DD000
|
heap
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
65AD000
|
heap
|
page read and write
|
||
|
6F21000
|
heap
|
page read and write
|
||
|
65AD000
|
heap
|
page read and write
|
||
|
4F20000
|
heap
|
page read and write
|
||
|
4F7A000
|
heap
|
page read and write
|
||
|
14DC9100000
|
heap
|
page read and write
|
||
|
14DCA070000
|
trusted library allocation
|
page read and write
|
||
|
4F6F000
|
heap
|
page read and write
|
||
|
316A000
|
heap
|
page read and write
|
||
|
4F7A000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
98C000
|
stack
|
page read and write
|
||
|
47E1000
|
heap
|
page read and write
|
||
|
4F7A000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2786220D000
|
unkown
|
page read and write
|
||
|
47B0000
|
direct allocation
|
page read and write
|
||
|
47D2000
|
direct allocation
|
page readonly
|
||
|
5DE0000
|
trusted library allocation
|
page read and write
|
||
|
652C000
|
heap
|
page read and write
|
||
|
4DAF000
|
stack
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
6640000
|
heap
|
page read and write
|
||
|
354E000
|
stack
|
page read and write
|
||
|
100AE000
|
unkown
|
page readonly
|
||
|
14DC9105000
|
heap
|
page read and write
|
||
|
DCF000
|
stack
|
page read and write
|
||
|
65CF000
|
heap
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
6FE7000
|
heap
|
page read and write
|
||
|
101FE000
|
unkown
|
page readonly
|
||
|
400000
|
heap
|
page read and write
|
||
|
2D0000
|
heap
|
page read and write
|
||
|
4933000
|
heap
|
page read and write
|
||
|
6BA000
|
heap
|
page read and write
|
||
|
5BC000
|
stack
|
page read and write
|
||
|
65CF000
|
heap
|
page read and write
|
||
|
EDE000
|
heap
|
page read and write
|
||
|
7CC000
|
stack
|
page read and write
|
||
|
306C000
|
stack
|
page read and write
|
||
|
101DF000
|
unkown
|
page read and write
|
||
|
74F4000
|
heap
|
page read and write
|
||
|
13F28F9000
|
stack
|
page read and write
|
||
|
27862513000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
14DCA040000
|
trusted library allocation
|
page read and write
|
||
|
14DC9270000
|
trusted library allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
6640000
|
heap
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
35AA000
|
heap
|
page read and write
|
||
|
5FB000
|
stack
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
C64000
|
heap
|
page read and write
|
||
|
E9C000
|
stack
|
page read and write
|
||
|
653C000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
7CF6000
|
heap
|
page read and write
|
||
|
2786224A000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page readonly
|
||
|
4F7A000
|
heap
|
page read and write
|
||
|
D9AD5F9000
|
stack
|
page read and write
|
||
|
14DCA060000
|
trusted library allocation
|
page read and write
|
||
|
47CF000
|
direct allocation
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
101E0000
|
unkown
|
page write copy
|
||
|
DBF000
|
stack
|
page read and write
|
||
|
13F2979000
|
stack
|
page read and write
|
||
|
101E3000
|
unkown
|
page write copy
|
||
|
93A000
|
heap
|
page read and write
|
||
|
652C000
|
heap
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
6D2A000
|
heap
|
page read and write
|
||
|
65DD000
|
heap
|
page read and write
|
||
|
6538000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page readonly
|
||
|
65DD000
|
heap
|
page read and write
|
||
|
65CF000
|
heap
|
page read and write
|
||
|
E2B000
|
stack
|
page read and write
|
||
|
87A000
|
heap
|
page read and write
|
||
|
5DF0000
|
trusted library allocation
|
page read and write
|
||
|
4F7A000
|
heap
|
page read and write
|
||
|
14DC92E0000
|
trusted library allocation
|
page read and write
|
||
|
56E000
|
stack
|
page read and write
|
||
|
65DB000
|
heap
|
page read and write
|
||
|
101E3000
|
unkown
|
page write copy
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
14DC9330000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
31DE000
|
stack
|
page read and write
|
||
|
65DB000
|
heap
|
page read and write
|
||
|
C64000
|
heap
|
page read and write
|
||
|
5DF0000
|
trusted library allocation
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
5DF0000
|
trusted library allocation
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
101E0000
|
unkown
|
page write copy
|
||
|
2786224C000
|
unkown
|
page read and write
|
||
|
6538000
|
heap
|
page read and write
|
||
|
582000
|
heap
|
page read and write
|
||
|
27862517000
|
heap
|
page read and write
|
||
|
65AD000
|
heap
|
page read and write
|
||
|
3180000
|
heap
|
page read and write
|
||
|
9CB000
|
stack
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
14DC9109000
|
heap
|
page read and write
|
||
|
4F14000
|
heap
|
page read and write
|
||
|
653C000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
4F48000
|
heap
|
page read and write
|
||
|
6538000
|
heap
|
page read and write
|
||
|
355A000
|
heap
|
page read and write
|
||
|
1BB000
|
stack
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
101FE000
|
unkown
|
page readonly
|
||
|
830000
|
heap
|
page read and write
|
||
|
34D0000
|
heap
|
page readonly
|
||
|
FE0000
|
heap
|
page readonly
|
||
|
6538000
|
heap
|
page read and write
|
||
|
56B000
|
heap
|
page read and write
|
||
|
6538000
|
heap
|
page read and write
|
||
|
27862300000
|
trusted library allocation
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
27862502000
|
heap
|
page read and write
|
||
|
4F7A000
|
heap
|
page read and write
|
||
|
47E1000
|
heap
|
page read and write
|
||
|
4EF1000
|
heap
|
page read and write
|
||
|
75F000
|
stack
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
6664000
|
heap
|
page read and write
|
||
|
311E000
|
stack
|
page read and write
|
||
|
653C000
|
heap
|
page read and write
|
||
|
31B0000
|
heap
|
page read and write
|
||
|
2786228A000
|
heap
|
page read and write
|
||
|
5DE0000
|
trusted library allocation
|
page read and write
|
||
|
72C8000
|
heap
|
page read and write
|
||
|
653C000
|
heap
|
page read and write
|
||
|
6538000
|
heap
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
101E0000
|
unkown
|
page write copy
|
||
|
14DC937C000
|
heap
|
page read and write
|
||
|
7CF6000
|
heap
|
page read and write
|
||
|
4F4C000
|
heap
|
page read and write
|
||
|
F6E000
|
stack
|
page read and write
|
||
|
DEC000
|
stack
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
60CC000
|
heap
|
page read and write
|
||
|
65DB000
|
heap
|
page read and write
|
||
|
3297000
|
heap
|
page read and write
|
||
|
14DC937C000
|
heap
|
page read and write
|
||
|
65DB000
|
heap
|
page read and write
|
||
|
3060000
|
heap
|
page readonly
|
||
|
101FE000
|
unkown
|
page readonly
|
||
|
652C000
|
heap
|
page read and write
|
||
|
4F7A000
|
heap
|
page read and write
|
||
|
14DC9341000
|
heap
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
5DF0000
|
trusted library allocation
|
page read and write
|
||
|
13F29FF000
|
stack
|
page read and write
|
||
|
5DF0000
|
trusted library allocation
|
page read and write
|
||
|
100AE000
|
unkown
|
page readonly
|
||
|
27862315000
|
trusted library allocation
|
page read and write
|
||
|
47E0000
|
heap
|
page read and write
|
||
|
5DF0000
|
trusted library allocation
|
page read and write
|
||
|
65AD000
|
heap
|
page read and write
|
||
|
22F0000
|
heap
|
page read and write
|
||
|
4F21000
|
heap
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
101FE000
|
unkown
|
page readonly
|
||
|
101FE000
|
unkown
|
page readonly
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
6640000
|
heap
|
page read and write
|
||
|
2786228A000
|
heap
|
page read and write
|
||
|
C10000
|
heap
|
page readonly
|
||
|
D8E000
|
stack
|
page read and write
|
||
|
27862524000
|
heap
|
page read and write
|
||
|
101E0000
|
unkown
|
page write copy
|
||
|
6664000
|
heap
|
page read and write
|
||
|
30AB000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
652C000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
6FE9000
|
heap
|
page read and write
|
||
|
BBE000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
14DC9250000
|
heap
|
page read and write
|
||
|
14DCA0C0000
|
trusted library allocation
|
page read and write
|
||
|
14DC90F0000
|
heap
|
page read and write
|
||
|
576000
|
heap
|
page read and write
|
||
|
4F7A000
|
heap
|
page read and write
|
||
|
17C000
|
stack
|
page read and write
|
||
|
B3F000
|
stack
|
page read and write
|
||
|
6664000
|
heap
|
page read and write
|
||
|
C64000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
100AE000
|
unkown
|
page readonly
|
||
|
14DCA050000
|
heap
|
page readonly
|
||
|
65DB000
|
heap
|
page read and write
|
||
|
5CE000
|
stack
|
page read and write
|
||
|
37B000
|
stack
|
page read and write
|
||
|
FB0000
|
heap
|
page readonly
|
||
|
7FC5000
|
heap
|
page read and write
|
||
|
27862200000
|
unkown
|
page read and write
|
||
|
714B000
|
heap
|
page read and write
|
||
|
77D8000
|
heap
|
page read and write
|
||
|
A3B000
|
stack
|
page read and write
|
||
|
480E000
|
stack
|
page read and write
|
||
|
65DD000
|
heap
|
page read and write
|
||
|
652C000
|
heap
|
page read and write
|
||
|
27862502000
|
heap
|
page read and write
|
||
|
D9AD979000
|
stack
|
page read and write
|
||
|
27862090000
|
trusted library allocation
|
page read and write
|
||
|
6664000
|
heap
|
page read and write
|
||
|
65CF000
|
heap
|
page read and write
|
||
|
4E2F000
|
stack
|
page read and write
|
||
|
31B0000
|
heap
|
page read and write
|
||
|
3480000
|
heap
|
page read and write
|
||
|
14DC937C000
|
heap
|
page read and write
|
||
|
65DB000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
27862213000
|
unkown
|
page read and write
|
||
|
100AD000
|
unkown
|
page read and write
|
||
|
100AD000
|
unkown
|
page read and write
|
||
|
65CF000
|
heap
|
page read and write
|
||
|
765D000
|
heap
|
page read and write
|
||
|
65AD000
|
heap
|
page read and write
|
||
|
6640000
|
heap
|
page read and write
|
||
|
B5C000
|
stack
|
page read and write
|
||
|
27862080000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
14DC92D0000
|
trusted library allocation
|
page read and write
|
||
|
4F7A000
|
heap
|
page read and write
|
||
|
6640000
|
heap
|
page read and write
|
||
|
484F000
|
stack
|
page read and write
|
||
|
DE0000
|
heap
|
page readonly
|
||
|
110000
|
heap
|
page read and write
|
||
|
318A000
|
heap
|
page read and write
|
||
|
653C000
|
heap
|
page read and write
|
||
|
D9AD47D000
|
stack
|
page read and write
|
||
|
4F6F000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
65AC000
|
unkown
|
page read and write
|
||
|
65DD000
|
heap
|
page read and write
|
||
|
309A000
|
heap
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
65E000
|
stack
|
page read and write
|
||
|
14DC9430000
|
trusted library allocation
|
page read and write
|
||
|
6640000
|
heap
|
page read and write
|
||
|
498F000
|
heap
|
page read and write
|
||
|
6664000
|
heap
|
page read and write
|
||
|
6664000
|
heap
|
page read and write
|
||
|
65DD000
|
heap
|
page read and write
|
||
|
100AE000
|
unkown
|
page readonly
|
||
|
5DE0000
|
trusted library allocation
|
page read and write
|
||
|
77E7000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
27862323000
|
heap
|
page read and write
|
There are 412 hidden memdumps, click here to show them.