Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
licking.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_3b59b89922c4cddf77f72f6dd2d986ddcfc674cb_82810a17_15f3a8ff\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_3b59b89922c4cddf77f72f6dd2d986ddcfc674cb_82810a17_15f79a68\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_3b59b89922c4cddf77f72f6dd2d986ddcfc674cb_82810a17_162f9a49\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_8fe1ff6253b685daeb750e0d8c1ede8ec9d8783_82810a17_0c7b9ad6\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D4B.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue May 30 19:55:24 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D4C.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue May 30 19:55:24 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7F7F.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7FAF.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER800C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER803C.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9335.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue May 30 19:55:29 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER94BC.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER952B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA2E4.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue May 30 19:55:33 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA4AA.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA4DA.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_3b59b89922c4cddf77f72f6dd2d986ddcfc674cb_82810a17_13bb9ae6\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_3b59b89922c4cddf77f72f6dd2d986ddcfc674cb_82810a17_14339b25\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_3b59b89922c4cddf77f72f6dd2d986ddcfc674cb_82810a17_1cc7a70c\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_8fe1ff6253b685daeb750e0d8c1ede8ec9d8783_82810a17_1bab9b83\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_8fe1ff6253b685daeb750e0d8c1ede8ec9d8783_82810a17_1cb3a815\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7A9D.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 04:42:08 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7BA6.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 04:42:08 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D0F.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D2E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D6D.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D8D.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9086.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 04:42:14 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER91C0.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER91EF.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9F3C.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 04:42:18 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9FD8.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 04:42:18 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA131.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA19F.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA1CD.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA26A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\de-ch[1].htm
|
HTML document, Unicode text, UTF-8 text, with very long lines (3929), with CRLF, LF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.tmp
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.tmp.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 32 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\licking.dll"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\licking.dll",#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\licking.dll,mv_add_i
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\licking.dll",#1
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 660
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 652
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\licking.dll,mv_add_q
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\licking.dll,mv_add_stable
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 656
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\licking.dll",mv_add_i
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\licking.dll",mv_add_q
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\licking.dll",mv_add_stable
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\licking.dll",next
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\licking.dll",mvutil_license
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\licking.dll",mvutil_configuration
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 652
|
|
|
|
C:\Windows\SysWOW64\wermgr.exe
|
C:\Windows\SysWOW64\wermgr.exe
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 660
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 672
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 664
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 652
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 652
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 13 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
||
|
https://streams.videolan.org/upload/
|
unknown
|
||
|
https://outlook.live.com/owa/
|
unknown
|
||
|
https://www.onenote.com/?omkt=de-CH
|
unknown
|
||
|
https://js.monitor.azure.com
|
unknown
|
||
|
https://onedrive.live.com/about/de-ch/
|
unknown
|
||
|
https://lpcdn.lpsnmedia.net
|
unknown
|
||
|
https://www.skype.com/de/
|
unknown
|
||
|
https://www.youtube.com/user/MicrosoftCH
|
unknown
|
||
|
https://schema.org
|
unknown
|
||
|
https://mem.gfx.ms
|
unknown
|
||
|
https://aka.ms/yourcaliforniaprivacychoices
|
unknown
|
||
|
https://lptag.liveperson.net
|
unknown
|
||
|
https://analytics.tiktok.com
|
unknown
|
||
|
https://twitter.com/microsoft_ch
|
unknown
|
||
|
https://www.instagram.com/microsoftch/
|
unknown
|
||
|
https://www.clarity.ms
|
unknown
|
||
|
https://accdn.lpsnmedia.net
|
unknown
|
||
|
https://www.linkedin.com/company/1035
|
unknown
|
||
|
https://cdnssl.clicktale.net/www32/ptc/05d32363-d534-4d93-9b65-cde674775e71.js
|
unknown
|
||
|
https://www.xbox.com/
|
unknown
|
||
|
https://cdnssl.clicktale.net
|
unknown
|
||
|
https://publisher.liveperson.net
|
unknown
|
||
|
http://schema.org/Organization
|
unknown
|
||
|
https://d.impactradius-event.com
|
unknown
|
||
|
https://start.microsoftapp.net/start?pc_campaign=UHF_Banner_15mkts&adjust=y9xgnyl_5sblqid"
|
unknown
|
There are 16 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
2.82.8.80
|
unknown
|
Portugal
|
|
|
|
70.160.67.203
|
unknown
|
United States
|
|
|
|
75.143.236.149
|
unknown
|
United States
|
|
|
|
83.110.223.61
|
unknown
|
United Arab Emirates
|
|
|
|
86.195.14.72
|
unknown
|
France
|
|
|
|
84.215.202.8
|
unknown
|
Norway
|
|
|
|
184.182.66.109
|
unknown
|
United States
|
|
|
|
92.186.69.229
|
unknown
|
France
|
|
|
|
174.4.89.3
|
unknown
|
Canada
|
|
|
|
161.142.103.187
|
unknown
|
Malaysia
|
|
|
|
114.143.176.236
|
unknown
|
India
|
|
|
|
14.192.241.76
|
unknown
|
Malaysia
|
|
|
|
173.88.135.179
|
unknown
|
United States
|
|
|
|
84.108.200.161
|
unknown
|
Israel
|
|
|
|
47.34.30.133
|
unknown
|
United States
|
|
|
|
183.87.163.165
|
unknown
|
India
|
|
|
|
184.181.75.148
|
unknown
|
United States
|
|
|
|
124.149.143.189
|
unknown
|
Australia
|
|
|
|
84.35.26.14
|
unknown
|
Netherlands
|
|
|
|
73.29.92.128
|
unknown
|
United States
|
|
|
|
68.203.69.96
|
unknown
|
United States
|
|
|
|
82.131.141.209
|
unknown
|
Hungary
|
|
|
|
64.121.161.102
|
unknown
|
United States
|
|
|
|
178.175.187.254
|
unknown
|
Moldova Republic of
|
|
|
|
96.56.197.26
|
unknown
|
United States
|
|
|
|
186.64.67.30
|
unknown
|
Argentina
|
|
|
|
188.28.19.84
|
unknown
|
United Kingdom
|
|
|
|
125.99.76.102
|
unknown
|
India
|
|
|
|
81.101.185.146
|
unknown
|
United Kingdom
|
|
|
|
59.28.84.65
|
unknown
|
Korea Republic of
|
|
|
|
105.186.128.181
|
unknown
|
South Africa
|
|
|
|
76.86.31.59
|
unknown
|
United States
|
|
|
|
147.147.30.126
|
unknown
|
United Kingdom
|
|
|
|
96.87.28.170
|
unknown
|
United States
|
|
|
|
75.109.111.89
|
unknown
|
United States
|
|
|
|
78.92.133.215
|
unknown
|
Hungary
|
|
|
|
124.122.47.148
|
unknown
|
Thailand
|
|
|
|
88.126.94.4
|
unknown
|
France
|
|
|
|
51.14.29.227
|
unknown
|
United Kingdom
|
|
|
|
85.57.212.13
|
unknown
|
Spain
|
|
|
|
47.205.25.170
|
unknown
|
United States
|
|
|
|
95.45.50.93
|
unknown
|
Ireland
|
|
|
|
80.12.88.148
|
unknown
|
France
|
|
|
|
69.133.162.35
|
unknown
|
United States
|
|
|
|
86.132.236.117
|
unknown
|
United Kingdom
|
|
|
|
151.62.238.176
|
unknown
|
Italy
|
|
|
|
70.112.206.5
|
unknown
|
United States
|
|
|
|
205.237.67.69
|
unknown
|
Canada
|
|
|
|
102.159.188.125
|
unknown
|
Tunisia
|
|
|
|
151.65.167.77
|
unknown
|
Italy
|
|
|
|
76.178.148.107
|
unknown
|
United States
|
|
|
|
89.36.206.69
|
unknown
|
Italy
|
|
|
|
69.242.31.249
|
unknown
|
United States
|
|
|
|
193.253.100.236
|
unknown
|
France
|
|
|
|
76.16.49.134
|
unknown
|
United States
|
|
|
|
94.207.104.225
|
unknown
|
United Arab Emirates
|
|
|
|
201.244.108.183
|
unknown
|
Colombia
|
|
|
|
103.42.86.42
|
unknown
|
India
|
|
|
|
78.18.105.11
|
unknown
|
Ireland
|
|
|
|
80.6.50.34
|
unknown
|
United Kingdom
|
|
|
|
103.144.201.56
|
unknown
|
unknown
|
|
|
|
27.0.48.233
|
unknown
|
India
|
|
|
|
70.28.50.223
|
unknown
|
Canada
|
|
|
|
98.145.23.67
|
unknown
|
United States
|
|
|
|
47.149.134.231
|
unknown
|
United States
|
|
|
|
82.125.44.236
|
unknown
|
France
|
|
|
|
81.229.117.95
|
unknown
|
Sweden
|
|
|
|
89.129.109.27
|
unknown
|
Spain
|
|
|
|
122.186.210.254
|
unknown
|
India
|
|
|
|
79.77.142.22
|
unknown
|
United Kingdom
|
|
|
|
90.78.147.141
|
unknown
|
France
|
|
|
|
122.184.143.86
|
unknown
|
India
|
|
|
|
186.75.95.6
|
unknown
|
Panama
|
|
|
|
50.68.186.195
|
unknown
|
Canada
|
|
|
|
12.172.173.82
|
unknown
|
United States
|
|
|
|
213.64.33.61
|
unknown
|
Sweden
|
|
|
|
79.168.224.165
|
unknown
|
Portugal
|
|
|
|
86.97.55.89
|
unknown
|
United Arab Emirates
|
|
|
|
176.142.207.63
|
unknown
|
France
|
|
|
|
92.154.17.149
|
unknown
|
France
|
|
|
|
174.58.146.57
|
unknown
|
United States
|
|
|
|
78.160.146.127
|
unknown
|
Turkey
|
|
|
|
58.186.75.42
|
unknown
|
Viet Nam
|
|
|
|
223.166.13.95
|
unknown
|
China
|
|
|
|
65.95.141.84
|
unknown
|
Canada
|
|
|
|
50.68.204.71
|
unknown
|
Canada
|
|
|
|
71.38.155.217
|
unknown
|
United States
|
|
|
|
104.35.24.154
|
unknown
|
United States
|
|
|
|
220.240.164.182
|
unknown
|
Australia
|
|
|
|
103.123.223.133
|
unknown
|
India
|
|
|
|
24.198.114.130
|
unknown
|
United States
|
|
|
|
2.36.64.159
|
unknown
|
Italy
|
|
|
|
198.2.51.242
|
unknown
|
United States
|
|
|
|
92.9.45.20
|
unknown
|
United Kingdom
|
|
|
|
113.11.92.30
|
unknown
|
Bangladesh
|
|
|
|
69.119.123.159
|
unknown
|
United States
|
|
|
|
69.123.4.221
|
unknown
|
United States
|
|
|
|
172.115.17.50
|
unknown
|
United States
|
|
|
|
77.86.98.236
|
unknown
|
United Kingdom
|
|
|
|
147.219.4.194
|
unknown
|
United States
|
|
|
|
192.168.2.1
|
unknown
|
unknown
|
There are 91 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{9e3cdb75-5149-f6cb-7472-9636b6129b62}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProgramId
|
||
|
\REGISTRY\A\{9e3cdb75-5149-f6cb-7472-9636b6129b62}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
FileId
|
||
|
\REGISTRY\A\{9e3cdb75-5149-f6cb-7472-9636b6129b62}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{9e3cdb75-5149-f6cb-7472-9636b6129b62}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LongPathHash
|
||
|
\REGISTRY\A\{9e3cdb75-5149-f6cb-7472-9636b6129b62}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Name
|
||
|
\REGISTRY\A\{9e3cdb75-5149-f6cb-7472-9636b6129b62}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Publisher
|
||
|
\REGISTRY\A\{9e3cdb75-5149-f6cb-7472-9636b6129b62}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Version
|
||
|
\REGISTRY\A\{9e3cdb75-5149-f6cb-7472-9636b6129b62}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinFileVersion
|
||
|
\REGISTRY\A\{9e3cdb75-5149-f6cb-7472-9636b6129b62}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinaryType
|
||
|
\REGISTRY\A\{9e3cdb75-5149-f6cb-7472-9636b6129b62}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductName
|
||
|
\REGISTRY\A\{9e3cdb75-5149-f6cb-7472-9636b6129b62}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductVersion
|
||
|
\REGISTRY\A\{9e3cdb75-5149-f6cb-7472-9636b6129b62}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LinkDate
|
||
|
\REGISTRY\A\{9e3cdb75-5149-f6cb-7472-9636b6129b62}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinProductVersion
|
||
|
\REGISTRY\A\{9e3cdb75-5149-f6cb-7472-9636b6129b62}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Size
|
||
|
\REGISTRY\A\{9e3cdb75-5149-f6cb-7472-9636b6129b62}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Language
|
||
|
\REGISTRY\A\{9e3cdb75-5149-f6cb-7472-9636b6129b62}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsPeFile
|
||
|
\REGISTRY\A\{9e3cdb75-5149-f6cb-7472-9636b6129b62}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsOsComponent
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000C987FC7FE
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHivePermissionsCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHiveOwnerCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000C987FC7FE
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Dfwpislouum
|
e58fd74f
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Dfwpislouum
|
d0100701
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Dfwpislouum
|
d251277d
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Dfwpislouum
|
6aed4018
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Dfwpislouum
|
17e50f92
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Dfwpislouum
|
af5968f7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Dfwpislouum
|
68ac6064
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Dfwpislouum
|
9ac6b8b9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Dfwpislouum
|
ad18488b
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Dfwpislouum
|
e58fd74f
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiOverridePath
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile
|
WritePermissionsCheck
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile
|
ProviderSyncId
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProgramId
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
FileId
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LongPathHash
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Name
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Publisher
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Version
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinFileVersion
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinaryType
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductName
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductVersion
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LinkDate
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinProductVersion
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Size
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Language
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsPeFile
|
||
|
\REGISTRY\A\{02b780bf-659c-77e5-ba77-1642979890d9}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsOsComponent
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C0094A304B22
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C0094A304B22
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C0094A304B22
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
5b54e7f4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
6ecb37ba
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
6c8a17c6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
d43670a3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
a93e3f29
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
1182584c
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
d67750df
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
241d8802
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
5b54e7f4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
5b54e7f4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
5b54e7f4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Nidjaoruez
|
5b54e7f4
|
There are 67 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5020000
|
heap
|
page read and write
|
|
|
|
33FA000
|
heap
|
page read and write
|
|
|
|
101E3000
|
unkown
|
page write copy
|
||
|
1204000
|
heap
|
page read and write
|
||
|
29F33010000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
6AC2000
|
heap
|
page read and write
|
||
|
29F32E02000
|
heap
|
page read and write
|
||
|
1204000
|
heap
|
page read and write
|
||
|
62B8000
|
heap
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
80D000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
5390000
|
heap
|
page read and write
|
||
|
839000
|
heap
|
page read and write
|
||
|
53B4000
|
heap
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
101DA000
|
unkown
|
page readonly
|
||
|
19E9F915000
|
trusted library allocation
|
page read and write
|
||
|
890000
|
heap
|
page readonly
|
||
|
19E9FB02000
|
heap
|
page read and write
|
||
|
635A000
|
heap
|
page read and write
|
||
|
101DF000
|
unkown
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
19E9F87C000
|
heap
|
page read and write
|
||
|
29F32E03000
|
heap
|
page read and write
|
||
|
5390000
|
heap
|
page read and write
|
||
|
47A0000
|
heap
|
page read and write
|
||
|
839000
|
heap
|
page read and write
|
||
|
19E9F6E0000
|
heap
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
839000
|
heap
|
page read and write
|
||
|
80E000
|
stack
|
page read and write
|
||
|
19E9F680000
|
trusted library allocation
|
page read and write
|
||
|
F90000
|
heap
|
page readonly
|
||
|
7B1000
|
heap
|
page read and write
|
||
|
86E000
|
stack
|
page read and write
|
||
|
5130000
|
trusted library allocation
|
page read and write
|
||
|
587A000
|
heap
|
page read and write
|
||
|
101FE000
|
unkown
|
page readonly
|
||
|
101E3000
|
unkown
|
page write copy
|
||
|
77C000
|
stack
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
509F000
|
heap
|
page read and write
|
||
|
930000
|
heap
|
page readonly
|
||
|
29F32E00000
|
heap
|
page read and write
|
||
|
5390000
|
heap
|
page read and write
|
||
|
100AD000
|
unkown
|
page read and write
|
||
|
635B000
|
heap
|
page read and write
|
||
|
9CB000
|
stack
|
page read and write
|
||
|
6AAF000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page readonly
|
||
|
32BA000
|
heap
|
page read and write
|
||
|
62BC000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
62AC000
|
heap
|
page read and write
|
||
|
B8E000
|
stack
|
page read and write
|
||
|
3310000
|
direct allocation
|
page execute read
|
||
|
635B000
|
heap
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
5390000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
29F33B10000
|
trusted library allocation
|
page read and write
|
||
|
101DF000
|
unkown
|
page read and write
|
||
|
62BC000
|
heap
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
19E9F87E000
|
heap
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
839000
|
heap
|
page read and write
|
||
|
632D000
|
heap
|
page read and write
|
||
|
329E000
|
stack
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
19E9FB13000
|
heap
|
page read and write
|
||
|
100AE000
|
unkown
|
page readonly
|
||
|
634F000
|
heap
|
page read and write
|
||
|
100AD000
|
unkown
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
62B8000
|
heap
|
page read and write
|
||
|
29F32DF9000
|
heap
|
page read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
634F000
|
heap
|
page read and write
|
||
|
3420000
|
heap
|
page read and write
|
||
|
B2E000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
29F33D50000
|
heap
|
page readonly
|
||
|
62BC000
|
heap
|
page read and write
|
||
|
101DA000
|
unkown
|
page readonly
|
||
|
A7B000
|
stack
|
page read and write
|
||
|
F7F000
|
stack
|
page read and write
|
||
|
19E9F840000
|
heap
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
29F32DB0000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
635B000
|
heap
|
page read and write
|
||
|
29F32FF0000
|
trusted library allocation
|
page read and write
|
||
|
29F32DB8000
|
heap
|
page read and write
|
||
|
29F33015000
|
heap
|
page read and write
|
||
|
53B4000
|
heap
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
635D000
|
heap
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
B8C000
|
stack
|
page read and write
|
||
|
6484000
|
heap
|
page read and write
|
||
|
82F000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
1204000
|
heap
|
page read and write
|
||
|
62AC000
|
heap
|
page read and write
|
||
|
67B000
|
stack
|
page read and write
|
||
|
51B1000
|
heap
|
page read and write
|
||
|
97A000
|
heap
|
page read and write
|
||
|
3321000
|
direct allocation
|
page execute read
|
||
|
101DF000
|
unkown
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
53B4000
|
heap
|
page read and write
|
||
|
632C000
|
heap
|
page read and write
|
||
|
29F33020000
|
trusted library allocation
|
page read and write
|
||
|
101DA000
|
unkown
|
page readonly
|
||
|
C00000
|
heap
|
page read and write
|
||
|
E73000
|
heap
|
page read and write
|
||
|
635D000
|
heap
|
page read and write
|
||
|
50C1000
|
heap
|
page read and write
|
||
|
65A2000
|
heap
|
page read and write
|
||
|
839000
|
heap
|
page read and write
|
||
|
6AB2000
|
heap
|
page read and write
|
||
|
5D8F000
|
heap
|
page read and write
|
||
|
91E000
|
stack
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
53B4000
|
heap
|
page read and write
|
||
|
5390000
|
heap
|
page read and write
|
||
|
101DA000
|
unkown
|
page readonly
|
||
|
32DF000
|
stack
|
page read and write
|
||
|
7FD000
|
heap
|
page read and write
|
||
|
6AA0000
|
heap
|
page read and write
|
||
|
635D000
|
heap
|
page read and write
|
||
|
29F33D70000
|
trusted library allocation
|
page read and write
|
||
|
1204000
|
heap
|
page read and write
|
||
|
634F000
|
heap
|
page read and write
|
||
|
BD0000
|
heap
|
page readonly
|
||
|
1204000
|
heap
|
page read and write
|
||
|
3430000
|
heap
|
page read and write
|
||
|
62B8000
|
heap
|
page read and write
|
||
|
4457679000
|
stack
|
page read and write
|
||
|
101E0000
|
unkown
|
page write copy
|
||
|
100AD000
|
unkown
|
page read and write
|
||
|
29F32F90000
|
trusted library allocation
|
page read and write
|
||
|
106F000
|
stack
|
page read and write
|
||
|
88F000
|
stack
|
page read and write
|
||
|
62B8000
|
heap
|
page read and write
|
||
|
62BC000
|
heap
|
page read and write
|
||
|
4E10000
|
heap
|
page read and write
|
||
|
4E29000
|
heap
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
19E9F828000
|
heap
|
page read and write
|
||
|
19E9FA13000
|
heap
|
page read and write
|
||
|
445797E000
|
stack
|
page read and write
|
||
|
644C000
|
heap
|
page read and write
|
||
|
101FE000
|
unkown
|
page readonly
|
||
|
19E9FA02000
|
heap
|
page read and write
|
||
|
B4C000
|
stack
|
page read and write
|
||
|
ECC000
|
stack
|
page read and write
|
||
|
19E9F878000
|
heap
|
page read and write
|
||
|
6AB9000
|
heap
|
page read and write
|
||
|
93A000
|
heap
|
page read and write
|
||
|
635B000
|
heap
|
page read and write
|
||
|
98C000
|
stack
|
page read and write
|
||
|
5D3E000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
C584D79000
|
stack
|
page read and write
|
||
|
19E9FB02000
|
heap
|
page read and write
|
||
|
100AE000
|
unkown
|
page readonly
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
632D000
|
heap
|
page read and write
|
||
|
100AE000
|
unkown
|
page readonly
|
||
|
635D000
|
heap
|
page read and write
|
||
|
FD0000
|
heap
|
page readonly
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
105B000
|
stack
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
3342000
|
direct allocation
|
page readonly
|
||
|
635D000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
632D000
|
heap
|
page read and write
|
||
|
101E3000
|
unkown
|
page write copy
|
||
|
F0B000
|
stack
|
page read and write
|
||
|
DBF000
|
stack
|
page read and write
|
||
|
50C0000
|
heap
|
page read and write
|
||
|
109B000
|
stack
|
page read and write
|
||
|
3360000
|
trusted library allocation
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
445747D000
|
stack
|
page read and write
|
||
|
19E9F923000
|
heap
|
page read and write
|
||
|
19E9FB00000
|
heap
|
page read and write
|
||
|
32BA000
|
heap
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
4E10000
|
heap
|
page read and write
|
||
|
29F33DC0000
|
trusted library allocation
|
page read and write
|
||
|
632D000
|
heap
|
page read and write
|
||
|
6FBF000
|
heap
|
page read and write
|
||
|
101DF000
|
unkown
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
29F32F80000
|
trusted library allocation
|
page read and write
|
||
|
1204000
|
heap
|
page read and write
|
||
|
62AC000
|
heap
|
page read and write
|
||
|
62AC000
|
heap
|
page read and write
|
||
|
62AC000
|
heap
|
page read and write
|
||
|
63C000
|
stack
|
page read and write
|
||
|
B40000
|
heap
|
page readonly
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
65AF000
|
heap
|
page read and write
|
||
|
632D000
|
heap
|
page read and write
|
||
|
19E9F813000
|
unkown
|
page read and write
|
||
|
5390000
|
heap
|
page read and write
|
||
|
3320000
|
direct allocation
|
page read and write
|
||
|
809000
|
heap
|
page read and write
|
||
|
101E0000
|
unkown
|
page write copy
|
||
|
62AC000
|
heap
|
page read and write
|
||
|
FEA000
|
heap
|
page read and write
|
||
|
53B4000
|
heap
|
page read and write
|
||
|
632D000
|
heap
|
page read and write
|
||
|
53B4000
|
heap
|
page read and write
|
||
|
632D000
|
heap
|
page read and write
|
||
|
C2E000
|
stack
|
page read and write
|
||
|
D7E000
|
stack
|
page read and write
|
||
|
634F000
|
heap
|
page read and write
|
||
|
635B000
|
heap
|
page read and write
|
||
|
A3C000
|
stack
|
page read and write
|
||
|
E78000
|
heap
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
29F32E02000
|
heap
|
page read and write
|
||
|
101E3000
|
unkown
|
page write copy
|
||
|
5043000
|
heap
|
page read and write
|
||
|
C7A000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
62B8000
|
heap
|
page read and write
|
||
|
109A000
|
heap
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
100AD000
|
unkown
|
page read and write
|
||
|
62BC000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
29F32CB0000
|
heap
|
page read and write
|
||
|
635D000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
19E9F889000
|
heap
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
62AC000
|
heap
|
page read and write
|
||
|
62AC000
|
heap
|
page read and write
|
||
|
E5B000
|
heap
|
page read and write
|
||
|
100AE000
|
unkown
|
page readonly
|
||
|
635B000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
62BC000
|
heap
|
page read and write
|
||
|
29F33019000
|
heap
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
56B000
|
stack
|
page read and write
|
||
|
19E9FA00000
|
heap
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
29F32D20000
|
heap
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
333A000
|
direct allocation
|
page readonly
|
||
|
6ABD000
|
heap
|
page read and write
|
||
|
65AA000
|
heap
|
page read and write
|
||
|
1204000
|
heap
|
page read and write
|
||
|
1204000
|
heap
|
page read and write
|
||
|
632D000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
51B1000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
101FE000
|
unkown
|
page readonly
|
||
|
101E0000
|
unkown
|
page write copy
|
||
|
19E9F670000
|
heap
|
page read and write
|
||
|
105C000
|
stack
|
page read and write
|
||
|
82F000
|
heap
|
page read and write
|
||
|
123E000
|
stack
|
page read and write
|
||
|
509F000
|
heap
|
page read and write
|
||
|
101FE000
|
unkown
|
page readonly
|
||
|
109B000
|
stack
|
page read and write
|
||
|
7E1000
|
heap
|
page read and write
|
||
|
5390000
|
heap
|
page read and write
|
||
|
53B4000
|
heap
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
839000
|
heap
|
page read and write
|
||
|
5390000
|
heap
|
page read and write
|
||
|
635D000
|
heap
|
page read and write
|
||
|
3310000
|
heap
|
page read and write
|
||
|
4D10000
|
heap
|
page read and write
|
||
|
632D000
|
heap
|
page read and write
|
||
|
19E9F83D000
|
heap
|
page read and write
|
||
|
19E9F800000
|
unkown
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
BCF000
|
stack
|
page read and write
|
||
|
635D000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
101DF000
|
unkown
|
page read and write
|
||
|
101FE000
|
unkown
|
page readonly
|
||
|
65A6000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page readonly
|
||
|
29F33D40000
|
trusted library allocation
|
page read and write
|
||
|
19E9F878000
|
heap
|
page read and write
|
||
|
62B8000
|
heap
|
page read and write
|
||
|
329E000
|
stack
|
page read and write
|
||
|
5390000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
82E000
|
stack
|
page read and write
|
||
|
19E9FB13000
|
heap
|
page read and write
|
||
|
101E0000
|
unkown
|
page write copy
|
||
|
6FCF000
|
heap
|
page read and write
|
||
|
100AD000
|
unkown
|
page read and write
|
||
|
634F000
|
heap
|
page read and write
|
||
|
A8C000
|
stack
|
page read and write
|
||
|
C0A000
|
heap
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
6AA2000
|
heap
|
page read and write
|
||
|
19E9F83B000
|
heap
|
page read and write
|
||
|
839000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
4457979000
|
stack
|
page read and write
|
||
|
63C000
|
stack
|
page read and write
|
||
|
19E9F902000
|
trusted library allocation
|
page read and write
|
||
|
DD0000
|
heap
|
page readonly
|
||
|
101DA000
|
unkown
|
page readonly
|
||
|
634F000
|
heap
|
page read and write
|
||
|
6FBD000
|
heap
|
page read and write
|
||
|
634F000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page readonly
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
7BB000
|
stack
|
page read and write
|
||
|
101DF000
|
unkown
|
page read and write
|
||
|
C584DFA000
|
stack
|
page read and write
|
||
|
100AE000
|
unkown
|
page readonly
|
||
|
65AE000
|
heap
|
page read and write
|
||
|
635B000
|
heap
|
page read and write
|
||
|
AFA000
|
heap
|
page read and write
|
||
|
29F33D60000
|
trusted library allocation
|
page read and write
|
||
|
839000
|
heap
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
F90000
|
heap
|
page read and write
|
||
|
101E0000
|
unkown
|
page write copy
|
||
|
F70000
|
heap
|
page read and write
|
||
|
839000
|
heap
|
page read and write
|
||
|
29F32E00000
|
heap
|
page read and write
|
||
|
101E0000
|
unkown
|
page write copy
|
||
|
52C000
|
stack
|
page read and write
|
||
|
62BC000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
101E3000
|
unkown
|
page write copy
|
||
|
101E3000
|
unkown
|
page write copy
|
||
|
635B000
|
heap
|
page read and write
|
||
|
C584E7E000
|
stack
|
page read and write
|
||
|
C5849AC000
|
stack
|
page read and write
|
||
|
29F32D40000
|
heap
|
page read and write
|
||
|
4CA0000
|
remote allocation
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
635D000
|
heap
|
page read and write
|
||
|
65A1000
|
heap
|
page read and write
|
||
|
7D4000
|
heap
|
page read and write
|
||
|
53B4000
|
heap
|
page read and write
|
||
|
C584EF9000
|
stack
|
page read and write
|
||
|
67B000
|
stack
|
page read and write
|
||
|
50C1000
|
heap
|
page read and write
|
||
|
62AC000
|
heap
|
page read and write
|
||
|
3350000
|
heap
|
page read and write
|
||
|
102E000
|
stack
|
page read and write
|
||
|
29F32E01000
|
heap
|
page read and write
|
||
|
DAE000
|
stack
|
page read and write
|
||
|
101FE000
|
unkown
|
page readonly
|
||
|
19E9F80B000
|
unkown
|
page read and write
|
||
|
62B8000
|
heap
|
page read and write
|
||
|
634F000
|
heap
|
page read and write
|
||
|
329F000
|
stack
|
page read and write
|
||
|
53B4000
|
heap
|
page read and write
|
||
|
29F32CC0000
|
trusted library allocation
|
page read and write
|
||
|
101DA000
|
unkown
|
page readonly
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
839000
|
heap
|
page read and write
|
||
|
62BC000
|
heap
|
page read and write
|
||
|
634F000
|
heap
|
page read and write
|
||
|
6ABA000
|
heap
|
page read and write
|
||
|
62B8000
|
heap
|
page read and write
|
||
|
62B8000
|
heap
|
page read and write
|
||
|
19E9F900000
|
trusted library allocation
|
page read and write
|
||
|
62BC000
|
heap
|
page read and write
|
||
|
333F000
|
direct allocation
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
100AE000
|
unkown
|
page readonly
|
||
|
33EF000
|
stack
|
page read and write
|
||
|
100AD000
|
unkown
|
page read and write
|
||
|
B8B000
|
stack
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
There are 390 hidden memdumps, click here to show them.