Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
F086.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_92f46c7f299346a6ffcb64477668158ac3e1de1_82810a17_1b34096c\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_e81cd1d5139fff9fe89f63caf8b194b6696e72da_82810a17_1077f69f\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_e81cd1d5139fff9fe89f63caf8b194b6696e72da_82810a17_132ff69f\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_e81cd1d5139fff9fe89f63caf8b194b6696e72da_82810a17_1394167c\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER10EE.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 00:14:11 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1246.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER12A5.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E4.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 00:14:07 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER47B.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4DA.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERED39.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 00:14:01 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERED68.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 00:14:01 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREE92.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREED0.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREF2F.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREFBD.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
|
data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_92f46c7f299346a6ffcb64477668158ac3e1de1_82810a17_115c31ef\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_92f46c7f299346a6ffcb64477668158ac3e1de1_82810a17_1bf84170\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_e81cd1d5139fff9fe89f63caf8b194b6696e72da_82810a17_0aac24e0\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_e81cd1d5139fff9fe89f63caf8b194b6696e72da_82810a17_16cc24ef\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_e81cd1d5139fff9fe89f63caf8b194b6696e72da_82810a17_1b044132\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1714.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 08:59:10 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1763.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 08:59:10 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1909.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1929.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1939.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1959.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C42.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 08:59:15 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2D9B.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E09.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER39A0.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 08:59:19 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER39CF.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 08:59:19 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3B86.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3B95.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3BC5.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3C04.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\national[1].htm
|
HTML document, ASCII text, with very long lines (65212)
|
dropped
|
There are 31 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\F086.dll"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\F086.dll",#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\F086.dll,mv_add_i
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\F086.dll",#1
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 652
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 668
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\F086.dll,mv_add_q
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\F086.dll,mv_add_stable
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 652
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\F086.dll",mv_add_i
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\F086.dll",mv_add_q
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\F086.dll",mv_add_stable
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\F086.dll",next
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\F086.dll",mvutil_license
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\F086.dll",mvutil_configuration
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 652
|
|
|
|
C:\Windows\SysWOW64\wermgr.exe
|
C:\Windows\SysWOW64\wermgr.exe
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 660
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 652
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 652
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 652
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 652
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 13 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
||
|
https://streams.videolan.org/upload/
|
unknown
|
||
|
https://www.xfinity.com/mobile/policies/broadband-disclosures
|
unknown
|
||
|
https://www.xfinity.com/learn/internet-service/acp
|
unknown
|
||
|
https://www.xfinity.com/networkmanagement
|
unknown
|
||
|
https://xfinity.com/
|
68.87.41.40
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
windowsupdatebg.s.llnwi.net
|
95.140.230.192
|
||
|
xfinity.com
|
68.87.41.40
|
||
|
www.xfinity.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
2.82.8.80
|
unknown
|
Portugal
|
|
|
|
70.160.67.203
|
unknown
|
United States
|
|
|
|
75.143.236.149
|
unknown
|
United States
|
|
|
|
83.110.223.61
|
unknown
|
United Arab Emirates
|
|
|
|
86.195.14.72
|
unknown
|
France
|
|
|
|
84.215.202.8
|
unknown
|
Norway
|
|
|
|
184.182.66.109
|
unknown
|
United States
|
|
|
|
92.186.69.229
|
unknown
|
France
|
|
|
|
174.4.89.3
|
unknown
|
Canada
|
|
|
|
161.142.103.187
|
unknown
|
Malaysia
|
|
|
|
114.143.176.236
|
unknown
|
India
|
|
|
|
14.192.241.76
|
unknown
|
Malaysia
|
|
|
|
173.88.135.179
|
unknown
|
United States
|
|
|
|
84.108.200.161
|
unknown
|
Israel
|
|
|
|
47.34.30.133
|
unknown
|
United States
|
|
|
|
183.87.163.165
|
unknown
|
India
|
|
|
|
184.181.75.148
|
unknown
|
United States
|
|
|
|
124.149.143.189
|
unknown
|
Australia
|
|
|
|
84.35.26.14
|
unknown
|
Netherlands
|
|
|
|
73.29.92.128
|
unknown
|
United States
|
|
|
|
68.203.69.96
|
unknown
|
United States
|
|
|
|
82.131.141.209
|
unknown
|
Hungary
|
|
|
|
64.121.161.102
|
unknown
|
United States
|
|
|
|
178.175.187.254
|
unknown
|
Moldova Republic of
|
|
|
|
96.56.197.26
|
unknown
|
United States
|
|
|
|
186.64.67.30
|
unknown
|
Argentina
|
|
|
|
188.28.19.84
|
unknown
|
United Kingdom
|
|
|
|
125.99.76.102
|
unknown
|
India
|
|
|
|
81.101.185.146
|
unknown
|
United Kingdom
|
|
|
|
59.28.84.65
|
unknown
|
Korea Republic of
|
|
|
|
105.186.128.181
|
unknown
|
South Africa
|
|
|
|
76.86.31.59
|
unknown
|
United States
|
|
|
|
147.147.30.126
|
unknown
|
United Kingdom
|
|
|
|
96.87.28.170
|
unknown
|
United States
|
|
|
|
75.109.111.89
|
unknown
|
United States
|
|
|
|
78.92.133.215
|
unknown
|
Hungary
|
|
|
|
124.122.47.148
|
unknown
|
Thailand
|
|
|
|
88.126.94.4
|
unknown
|
France
|
|
|
|
51.14.29.227
|
unknown
|
United Kingdom
|
|
|
|
85.57.212.13
|
unknown
|
Spain
|
|
|
|
47.205.25.170
|
unknown
|
United States
|
|
|
|
95.45.50.93
|
unknown
|
Ireland
|
|
|
|
80.12.88.148
|
unknown
|
France
|
|
|
|
69.133.162.35
|
unknown
|
United States
|
|
|
|
86.132.236.117
|
unknown
|
United Kingdom
|
|
|
|
151.62.238.176
|
unknown
|
Italy
|
|
|
|
70.112.206.5
|
unknown
|
United States
|
|
|
|
205.237.67.69
|
unknown
|
Canada
|
|
|
|
102.159.188.125
|
unknown
|
Tunisia
|
|
|
|
151.65.167.77
|
unknown
|
Italy
|
|
|
|
76.178.148.107
|
unknown
|
United States
|
|
|
|
89.36.206.69
|
unknown
|
Italy
|
|
|
|
69.242.31.249
|
unknown
|
United States
|
|
|
|
193.253.100.236
|
unknown
|
France
|
|
|
|
76.16.49.134
|
unknown
|
United States
|
|
|
|
94.207.104.225
|
unknown
|
United Arab Emirates
|
|
|
|
201.244.108.183
|
unknown
|
Colombia
|
|
|
|
103.42.86.42
|
unknown
|
India
|
|
|
|
78.18.105.11
|
unknown
|
Ireland
|
|
|
|
80.6.50.34
|
unknown
|
United Kingdom
|
|
|
|
103.144.201.56
|
unknown
|
unknown
|
|
|
|
27.0.48.233
|
unknown
|
India
|
|
|
|
70.28.50.223
|
unknown
|
Canada
|
|
|
|
98.145.23.67
|
unknown
|
United States
|
|
|
|
47.149.134.231
|
unknown
|
United States
|
|
|
|
82.125.44.236
|
unknown
|
France
|
|
|
|
81.229.117.95
|
unknown
|
Sweden
|
|
|
|
89.129.109.27
|
unknown
|
Spain
|
|
|
|
122.186.210.254
|
unknown
|
India
|
|
|
|
79.77.142.22
|
unknown
|
United Kingdom
|
|
|
|
90.78.147.141
|
unknown
|
France
|
|
|
|
122.184.143.86
|
unknown
|
India
|
|
|
|
186.75.95.6
|
unknown
|
Panama
|
|
|
|
50.68.186.195
|
unknown
|
Canada
|
|
|
|
12.172.173.82
|
unknown
|
United States
|
|
|
|
213.64.33.61
|
unknown
|
Sweden
|
|
|
|
79.168.224.165
|
unknown
|
Portugal
|
|
|
|
86.97.55.89
|
unknown
|
United Arab Emirates
|
|
|
|
176.142.207.63
|
unknown
|
France
|
|
|
|
92.154.17.149
|
unknown
|
France
|
|
|
|
174.58.146.57
|
unknown
|
United States
|
|
|
|
78.160.146.127
|
unknown
|
Turkey
|
|
|
|
58.186.75.42
|
unknown
|
Viet Nam
|
|
|
|
223.166.13.95
|
unknown
|
China
|
|
|
|
65.95.141.84
|
unknown
|
Canada
|
|
|
|
50.68.204.71
|
unknown
|
Canada
|
|
|
|
71.38.155.217
|
unknown
|
United States
|
|
|
|
104.35.24.154
|
unknown
|
United States
|
|
|
|
220.240.164.182
|
unknown
|
Australia
|
|
|
|
103.123.223.133
|
unknown
|
India
|
|
|
|
24.198.114.130
|
unknown
|
United States
|
|
|
|
2.36.64.159
|
unknown
|
Italy
|
|
|
|
198.2.51.242
|
unknown
|
United States
|
|
|
|
92.9.45.20
|
unknown
|
United Kingdom
|
|
|
|
113.11.92.30
|
unknown
|
Bangladesh
|
|
|
|
69.119.123.159
|
unknown
|
United States
|
|
|
|
69.123.4.221
|
unknown
|
United States
|
|
|
|
172.115.17.50
|
unknown
|
United States
|
|
|
|
77.86.98.236
|
unknown
|
United Kingdom
|
|
|
|
147.219.4.194
|
unknown
|
United States
|
|
|
|
68.87.41.40
|
xfinity.com
|
United States
|
||
|
192.168.2.1
|
unknown
|
unknown
|
There are 92 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHivePermissionsCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHiveOwnerCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
\REGISTRY\A\{d31567b4-b366-ce1b-109a-00469b6bdfcb}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProgramId
|
||
|
\REGISTRY\A\{d31567b4-b366-ce1b-109a-00469b6bdfcb}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
FileId
|
||
|
\REGISTRY\A\{d31567b4-b366-ce1b-109a-00469b6bdfcb}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{d31567b4-b366-ce1b-109a-00469b6bdfcb}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LongPathHash
|
||
|
\REGISTRY\A\{d31567b4-b366-ce1b-109a-00469b6bdfcb}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Name
|
||
|
\REGISTRY\A\{d31567b4-b366-ce1b-109a-00469b6bdfcb}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Publisher
|
||
|
\REGISTRY\A\{d31567b4-b366-ce1b-109a-00469b6bdfcb}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Version
|
||
|
\REGISTRY\A\{d31567b4-b366-ce1b-109a-00469b6bdfcb}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinFileVersion
|
||
|
\REGISTRY\A\{d31567b4-b366-ce1b-109a-00469b6bdfcb}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinaryType
|
||
|
\REGISTRY\A\{d31567b4-b366-ce1b-109a-00469b6bdfcb}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductName
|
||
|
\REGISTRY\A\{d31567b4-b366-ce1b-109a-00469b6bdfcb}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductVersion
|
||
|
\REGISTRY\A\{d31567b4-b366-ce1b-109a-00469b6bdfcb}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LinkDate
|
||
|
\REGISTRY\A\{d31567b4-b366-ce1b-109a-00469b6bdfcb}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinProductVersion
|
||
|
\REGISTRY\A\{d31567b4-b366-ce1b-109a-00469b6bdfcb}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Size
|
||
|
\REGISTRY\A\{d31567b4-b366-ce1b-109a-00469b6bdfcb}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Language
|
||
|
\REGISTRY\A\{d31567b4-b366-ce1b-109a-00469b6bdfcb}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsPeFile
|
||
|
\REGISTRY\A\{d31567b4-b366-ce1b-109a-00469b6bdfcb}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsOsComponent
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tloohfheod
|
d2f50c5f
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tloohfheod
|
e76adc11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tloohfheod
|
e52bfc6d
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tloohfheod
|
5d979b08
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tloohfheod
|
209fd482
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tloohfheod
|
9823b3e7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tloohfheod
|
5fd6bb74
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tloohfheod
|
adbc63a9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tloohfheod
|
9a62939b
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tloohfheod
|
d2f50c5f
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
001840064172BCE4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
\REGISTRY\A\{d736e1ae-b7fc-e967-4116-d0056ebfda58}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProgramId
|
||
|
\REGISTRY\A\{d736e1ae-b7fc-e967-4116-d0056ebfda58}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
FileId
|
||
|
\REGISTRY\A\{d736e1ae-b7fc-e967-4116-d0056ebfda58}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{d736e1ae-b7fc-e967-4116-d0056ebfda58}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LongPathHash
|
||
|
\REGISTRY\A\{d736e1ae-b7fc-e967-4116-d0056ebfda58}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Name
|
||
|
\REGISTRY\A\{d736e1ae-b7fc-e967-4116-d0056ebfda58}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Publisher
|
||
|
\REGISTRY\A\{d736e1ae-b7fc-e967-4116-d0056ebfda58}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Version
|
||
|
\REGISTRY\A\{d736e1ae-b7fc-e967-4116-d0056ebfda58}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinFileVersion
|
||
|
\REGISTRY\A\{d736e1ae-b7fc-e967-4116-d0056ebfda58}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinaryType
|
||
|
\REGISTRY\A\{d736e1ae-b7fc-e967-4116-d0056ebfda58}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductName
|
||
|
\REGISTRY\A\{d736e1ae-b7fc-e967-4116-d0056ebfda58}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductVersion
|
||
|
\REGISTRY\A\{d736e1ae-b7fc-e967-4116-d0056ebfda58}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LinkDate
|
||
|
\REGISTRY\A\{d736e1ae-b7fc-e967-4116-d0056ebfda58}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinProductVersion
|
||
|
\REGISTRY\A\{d736e1ae-b7fc-e967-4116-d0056ebfda58}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Size
|
||
|
\REGISTRY\A\{d736e1ae-b7fc-e967-4116-d0056ebfda58}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Language
|
||
|
\REGISTRY\A\{d736e1ae-b7fc-e967-4116-d0056ebfda58}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsPeFile
|
||
|
\REGISTRY\A\{d736e1ae-b7fc-e967-4116-d0056ebfda58}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsOsComponent
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
001840064172BCE4
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ebyawxoonc
|
3c3af57a
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ebyawxoonc
|
9a52534
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ebyawxoonc
|
be40548
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ebyawxoonc
|
b358622d
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ebyawxoonc
|
ce502da7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ebyawxoonc
|
76ec4ac2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ebyawxoonc
|
b1194251
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ebyawxoonc
|
43739a8c
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ebyawxoonc
|
3c3af57a
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ebyawxoonc
|
3c3af57a
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ebyawxoonc
|
3c3af57a
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ebyawxoonc
|
3c3af57a
|
There are 60 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
B3A000
|
heap
|
page read and write
|
|
|
|
4780000
|
heap
|
page read and write
|
|
|
|
12B7000
|
heap
|
page read and write
|
||
|
27724F30000
|
heap
|
page read and write
|
||
|
1EC76B02000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
70EC000
|
heap
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
C1C000
|
heap
|
page read and write
|
||
|
27724F02000
|
heap
|
page read and write
|
||
|
27724F00000
|
heap
|
page read and write
|
||
|
27724F55000
|
heap
|
page read and write
|
||
|
70DC000
|
heap
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
27724F37000
|
heap
|
page read and write
|
||
|
2772449C000
|
heap
|
page read and write
|
||
|
107C000
|
stack
|
page read and write
|
||
|
27724F0E000
|
heap
|
page read and write
|
||
|
27724F5D000
|
heap
|
page read and write
|
||
|
27724F6C000
|
heap
|
page read and write
|
||
|
75D1000
|
heap
|
page read and write
|
||
|
100AE000
|
unkown
|
page readonly
|
||
|
3570000
|
heap
|
page read and write
|
||
|
7214000
|
heap
|
page read and write
|
||
|
70E8000
|
heap
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
70DC000
|
heap
|
page read and write
|
||
|
F9E000
|
stack
|
page read and write
|
||
|
27724F5B000
|
heap
|
page read and write
|
||
|
27724F53000
|
heap
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
2772447E000
|
heap
|
page read and write
|
||
|
717F000
|
heap
|
page read and write
|
||
|
1061000
|
direct allocation
|
page execute read
|
||
|
33E839D000
|
stack
|
page read and write
|
||
|
FEDE0FC000
|
stack
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
277243A0000
|
trusted library allocation
|
page read and write
|
||
|
154404F0000
|
heap
|
page read and write
|
||
|
718D000
|
heap
|
page read and write
|
||
|
100AD000
|
unkown
|
page read and write
|
||
|
83E000
|
stack
|
page read and write
|
||
|
277244C7000
|
heap
|
page read and write
|
||
|
27724F52000
|
heap
|
page read and write
|
||
|
625C000
|
heap
|
page read and write
|
||
|
70EC000
|
heap
|
page read and write
|
||
|
70E8000
|
heap
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
F5F000
|
stack
|
page read and write
|
||
|
41072FE000
|
stack
|
page read and write
|
||
|
15440860000
|
heap
|
page read and write
|
||
|
27724F65000
|
heap
|
page read and write
|
||
|
C16000
|
heap
|
page read and write
|
||
|
4F79000
|
heap
|
page read and write
|
||
|
4106F1B000
|
stack
|
page read and write
|
||
|
7214000
|
heap
|
page read and write
|
||
|
10BB000
|
stack
|
page read and write
|
||
|
101E3000
|
unkown
|
page write copy
|
||
|
5FF1000
|
heap
|
page read and write
|
||
|
101FE000
|
unkown
|
page readonly
|
||
|
718B000
|
heap
|
page read and write
|
||
|
27724F52000
|
heap
|
page read and write
|
||
|
15440850000
|
trusted library allocation
|
page read and write
|
||
|
70EC000
|
heap
|
page read and write
|
||
|
7D4000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
1EC76B13000
|
heap
|
page read and write
|
||
|
27724F73000
|
heap
|
page read and write
|
||
|
104A000
|
heap
|
page read and write
|
||
|
70E8000
|
heap
|
page read and write
|
||
|
3588000
|
heap
|
page read and write
|
||
|
27724F52000
|
heap
|
page read and write
|
||
|
810000
|
heap
|
page readonly
|
||
|
36E0000
|
heap
|
page readonly
|
||
|
27724F30000
|
heap
|
page read and write
|
||
|
27724F65000
|
heap
|
page read and write
|
||
|
71F0000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
71F0000
|
heap
|
page read and write
|
||
|
11AF000
|
stack
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
715C000
|
heap
|
page read and write
|
||
|
1EC76A00000
|
heap
|
page read and write
|
||
|
75DE000
|
heap
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
6BCD000
|
heap
|
page read and write
|
||
|
100AE000
|
unkown
|
page readonly
|
||
|
FEF000
|
stack
|
page read and write
|
||
|
4F21000
|
heap
|
page read and write
|
||
|
27724F57000
|
heap
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
100AE000
|
unkown
|
page readonly
|
||
|
47A3000
|
heap
|
page read and write
|
||
|
154405DD000
|
heap
|
page read and write
|
||
|
70EC000
|
heap
|
page read and write
|
||
|
71F0000
|
heap
|
page read and write
|
||
|
27724F6B000
|
heap
|
page read and write
|
||
|
27724F32000
|
heap
|
page read and write
|
||
|
1222000
|
remote allocation
|
page readonly
|
||
|
27724F6F000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
27724502000
|
heap
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
717F000
|
heap
|
page read and write
|
||
|
154405E0000
|
heap
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
C50000
|
heap
|
page readonly
|
||
|
5FF1000
|
heap
|
page read and write
|
||
|
27724F57000
|
heap
|
page read and write
|
||
|
4F79000
|
heap
|
page read and write
|
||
|
101E3000
|
unkown
|
page write copy
|
||
|
27724F80000
|
heap
|
page read and write
|
||
|
27724E15000
|
heap
|
page read and write
|
||
|
27724F5A000
|
heap
|
page read and write
|
||
|
1EC76613000
|
unkown
|
page read and write
|
||
|
71F0000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
1000000
|
heap
|
page readonly
|
||
|
960000
|
heap
|
page read and write
|
||
|
277244C3000
|
heap
|
page read and write
|
||
|
4F4C000
|
heap
|
page read and write
|
||
|
7FE000
|
stack
|
page read and write
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
4980000
|
heap
|
page read and write
|
||
|
27724F52000
|
heap
|
page read and write
|
||
|
101DF000
|
unkown
|
page read and write
|
||
|
333A000
|
heap
|
page read and write
|
||
|
75D2000
|
heap
|
page read and write
|
||
|
4F79000
|
heap
|
page read and write
|
||
|
4F20000
|
heap
|
page read and write
|
||
|
7D4000
|
heap
|
page read and write
|
||
|
27724E00000
|
heap
|
page read and write
|
||
|
70E8000
|
heap
|
page read and write
|
||
|
1010000
|
heap
|
page readonly
|
||
|
3500000
|
heap
|
page read and write
|
||
|
7214000
|
heap
|
page read and write
|
||
|
27724F13000
|
heap
|
page read and write
|
||
|
71F0000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
27724F5D000
|
heap
|
page read and write
|
||
|
154405D6000
|
heap
|
page read and write
|
||
|
718B000
|
heap
|
page read and write
|
||
|
27724425000
|
heap
|
page read and write
|
||
|
101E0000
|
unkown
|
page write copy
|
||
|
27724F7E000
|
heap
|
page read and write
|
||
|
27724F63000
|
heap
|
page read and write
|
||
|
718B000
|
heap
|
page read and write
|
||
|
27724F35000
|
heap
|
page read and write
|
||
|
41073FE000
|
stack
|
page read and write
|
||
|
7214000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
7214000
|
heap
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
27724F53000
|
heap
|
page read and write
|
||
|
75D7000
|
heap
|
page read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
71F0000
|
heap
|
page read and write
|
||
|
107A000
|
direct allocation
|
page readonly
|
||
|
B30000
|
heap
|
page read and write
|
||
|
1EC76702000
|
trusted library allocation
|
page read and write
|
||
|
717F000
|
heap
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
66BD000
|
heap
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
1082000
|
direct allocation
|
page readonly
|
||
|
154405A0000
|
heap
|
page read and write
|
||
|
890000
|
heap
|
page readonly
|
||
|
27724F32000
|
heap
|
page read and write
|
||
|
BAC000
|
stack
|
page read and write
|
||
|
15440560000
|
trusted library allocation
|
page read and write
|
||
|
27724F56000
|
heap
|
page read and write
|
||
|
71F0000
|
heap
|
page read and write
|
||
|
718D000
|
heap
|
page read and write
|
||
|
1EC7660D000
|
unkown
|
page read and write
|
||
|
717F000
|
heap
|
page read and write
|
||
|
4F79000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
101DF000
|
unkown
|
page read and write
|
||
|
27724F59000
|
heap
|
page read and write
|
||
|
15440865000
|
heap
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
7214000
|
heap
|
page read and write
|
||
|
71F0000
|
heap
|
page read and write
|
||
|
70EC000
|
heap
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
F9E000
|
stack
|
page read and write
|
||
|
7AE2000
|
heap
|
page read and write
|
||
|
350A000
|
heap
|
page read and write
|
||
|
1EC76686000
|
heap
|
page read and write
|
||
|
70E8000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
101DA000
|
unkown
|
page readonly
|
||
|
63C000
|
stack
|
page read and write
|
||
|
15441220000
|
trusted library allocation
|
page read and write
|
||
|
FEDE1F9000
|
stack
|
page read and write
|
||
|
95C000
|
stack
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
3580000
|
heap
|
page read and write
|
||
|
100AE000
|
unkown
|
page readonly
|
||
|
3300000
|
heap
|
page readonly
|
||
|
109E000
|
stack
|
page read and write
|
||
|
101DF000
|
unkown
|
page read and write
|
||
|
70DC000
|
heap
|
page read and write
|
||
|
4107479000
|
stack
|
page read and write
|
||
|
4A7F000
|
stack
|
page read and write
|
||
|
70DC000
|
heap
|
page read and write
|
||
|
1EC7664A000
|
heap
|
page read and write
|
||
|
27724477000
|
heap
|
page read and write
|
||
|
1EC76639000
|
heap
|
page read and write
|
||
|
277244CA000
|
heap
|
page read and write
|
||
|
27724F2A000
|
heap
|
page read and write
|
||
|
12B7000
|
heap
|
page read and write
|
||
|
1200000
|
remote allocation
|
page read and write
|
||
|
718B000
|
heap
|
page read and write
|
||
|
FEDE3FB000
|
stack
|
page read and write
|
||
|
27724F32000
|
heap
|
page read and write
|
||
|
4820000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
27724F32000
|
heap
|
page read and write
|
||
|
718D000
|
heap
|
page read and write
|
||
|
718D000
|
heap
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
FEDDFFB000
|
stack
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
15441450000
|
trusted library allocation
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
27724F78000
|
heap
|
page read and write
|
||
|
2772445A000
|
heap
|
page read and write
|
||
|
718B000
|
heap
|
page read and write
|
||
|
27724310000
|
heap
|
page read and write
|
||
|
75D1000
|
heap
|
page read and write
|
||
|
27724427000
|
heap
|
page read and write
|
||
|
27724500000
|
heap
|
page read and write
|
||
|
101DF000
|
unkown
|
page read and write
|
||
|
27724F80000
|
heap
|
page read and write
|
||
|
7AEE000
|
heap
|
page read and write
|
||
|
7AEF000
|
heap
|
page read and write
|
||
|
718B000
|
heap
|
page read and write
|
||
|
718B000
|
heap
|
page read and write
|
||
|
4F6F000
|
heap
|
page read and write
|
||
|
101DF000
|
unkown
|
page read and write
|
||
|
15440580000
|
trusted library allocation
|
page read and write
|
||
|
27724F53000
|
heap
|
page read and write
|
||
|
1201000
|
remote allocation
|
page execute read
|
||
|
70EC000
|
heap
|
page read and write
|
||
|
7D4000
|
heap
|
page read and write
|
||
|
7D4000
|
heap
|
page read and write
|
||
|
715D000
|
heap
|
page read and write
|
||
|
4F6F000
|
heap
|
page read and write
|
||
|
7AED000
|
heap
|
page read and write
|
||
|
27724F85000
|
heap
|
page read and write
|
||
|
27724F52000
|
heap
|
page read and write
|
||
|
101DF000
|
unkown
|
page read and write
|
||
|
54CE000
|
stack
|
page read and write
|
||
|
7AE2000
|
heap
|
page read and write
|
||
|
718D000
|
heap
|
page read and write
|
||
|
100E000
|
stack
|
page read and write
|
||
|
FB0000
|
heap
|
page readonly
|
||
|
27724494000
|
heap
|
page read and write
|
||
|
FEDDDFA000
|
stack
|
page read and write
|
||
|
36D0000
|
heap
|
page read and write
|
||
|
10AA000
|
heap
|
page read and write
|
||
|
1EC76B13000
|
heap
|
page read and write
|
||
|
27724481000
|
heap
|
page read and write
|
||
|
47FF000
|
heap
|
page read and write
|
||
|
717F000
|
heap
|
page read and write
|
||
|
106A000
|
heap
|
page read and write
|
||
|
154405DE000
|
heap
|
page read and write
|
||
|
101E0000
|
unkown
|
page write copy
|
||
|
5F70000
|
trusted library allocation
|
page read and write
|
||
|
34E0000
|
heap
|
page read and write
|
||
|
27724F59000
|
heap
|
page read and write
|
||
|
718D000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
27724F52000
|
heap
|
page read and write
|
||
|
7AE8000
|
heap
|
page read and write
|
||
|
27724F5F000
|
heap
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
277244BB000
|
heap
|
page read and write
|
||
|
101FE000
|
unkown
|
page readonly
|
||
|
717F000
|
heap
|
page read and write
|
||
|
27724F53000
|
heap
|
page read and write
|
||
|
697C000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
27724F70000
|
heap
|
page read and write
|
||
|
100AD000
|
unkown
|
page read and write
|
||
|
101DA000
|
unkown
|
page readonly
|
||
|
101E0000
|
unkown
|
page write copy
|
||
|
4F79000
|
heap
|
page read and write
|
||
|
C21000
|
heap
|
page read and write
|
||
|
15440598000
|
heap
|
page read and write
|
||
|
27724F5B000
|
heap
|
page read and write
|
||
|
27724300000
|
heap
|
page read and write
|
||
|
FEDD99C000
|
stack
|
page read and write
|
||
|
7214000
|
heap
|
page read and write
|
||
|
85C000
|
stack
|
page read and write
|
||
|
B1E000
|
stack
|
page read and write
|
||
|
121A000
|
remote allocation
|
page read and write
|
||
|
2772445C000
|
heap
|
page read and write
|
||
|
27724413000
|
heap
|
page read and write
|
||
|
27724F53000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
101E3000
|
unkown
|
page write copy
|
||
|
100AD000
|
unkown
|
page read and write
|
||
|
4AE0000
|
heap
|
page read and write
|
||
|
70DC000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
4F79000
|
heap
|
page read and write
|
||
|
1EC76B00000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
27724F7E000
|
heap
|
page read and write
|
||
|
27724429000
|
heap
|
page read and write
|
||
|
1EC76723000
|
heap
|
page read and write
|
||
|
1EC765F0000
|
heap
|
page read and write
|
||
|
101E3000
|
unkown
|
page write copy
|
||
|
27724F52000
|
heap
|
page read and write
|
||
|
27724F55000
|
heap
|
page read and write
|
||
|
154405EB000
|
heap
|
page read and write
|
||
|
715D000
|
heap
|
page read and write
|
||
|
7D4000
|
heap
|
page read and write
|
||
|
4F79000
|
heap
|
page read and write
|
||
|
99A000
|
heap
|
page read and write
|
||
|
7214000
|
heap
|
page read and write
|
||
|
E7B000
|
stack
|
page read and write
|
||
|
1EC76686000
|
heap
|
page read and write
|
||
|
32EF000
|
stack
|
page read and write
|
||
|
116E000
|
stack
|
page read and write
|
||
|
715D000
|
heap
|
page read and write
|
||
|
31E0000
|
remote allocation
|
page read and write
|
||
|
100AD000
|
unkown
|
page read and write
|
||
|
104F000
|
stack
|
page read and write
|
||
|
BEB000
|
stack
|
page read and write
|
||
|
FEDE2FE000
|
stack
|
page read and write
|
||
|
1EC76600000
|
unkown
|
page read and write
|
||
|
DFF000
|
stack
|
page read and write
|
||
|
FCB000
|
stack
|
page read and write
|
||
|
99B000
|
stack
|
page read and write
|
||
|
101E3000
|
unkown
|
page write copy
|
||
|
1EC7664B000
|
unkown
|
page read and write
|
||
|
718D000
|
heap
|
page read and write
|
||
|
100AD000
|
unkown
|
page read and write
|
||
|
7AEE000
|
heap
|
page read and write
|
||
|
27724F53000
|
heap
|
page read and write
|
||
|
548C000
|
stack
|
page read and write
|
||
|
102F000
|
stack
|
page read and write
|
||
|
31E0000
|
heap
|
page readonly
|
||
|
7D4000
|
heap
|
page read and write
|
||
|
101FE000
|
unkown
|
page readonly
|
||
|
4107379000
|
stack
|
page read and write
|
||
|
1160000
|
heap
|
page readonly
|
||
|
70DC000
|
heap
|
page read and write
|
||
|
ADE000
|
stack
|
page read and write
|
||
|
27724F57000
|
heap
|
page read and write
|
||
|
4EF0000
|
heap
|
page read and write
|
||
|
70E8000
|
heap
|
page read and write
|
||
|
1060000
|
direct allocation
|
page read and write
|
||
|
27724F69000
|
heap
|
page read and write
|
||
|
101E0000
|
unkown
|
page write copy
|
||
|
4F48000
|
heap
|
page read and write
|
||
|
27724E02000
|
heap
|
page read and write
|
||
|
100AE000
|
unkown
|
page readonly
|
||
|
F8C000
|
stack
|
page read and write
|
||
|
70E8000
|
heap
|
page read and write
|
||
|
101DA000
|
unkown
|
page readonly
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
C6A000
|
heap
|
page read and write
|
||
|
15441430000
|
heap
|
page readonly
|
||
|
27724F53000
|
heap
|
page read and write
|
||
|
101E3000
|
unkown
|
page write copy
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
27724F52000
|
heap
|
page read and write
|
||
|
27724F66000
|
heap
|
page read and write
|
||
|
6294000
|
heap
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
4F79000
|
heap
|
page read and write
|
||
|
87F000
|
stack
|
page read and write
|
||
|
4F6F000
|
heap
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
101FE000
|
unkown
|
page readonly
|
||
|
1230000
|
remote allocation
|
page read and write
|
||
|
4F14000
|
heap
|
page read and write
|
||
|
15440590000
|
heap
|
page read and write
|
||
|
B1E000
|
stack
|
page read and write
|
||
|
718D000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
11BE000
|
stack
|
page read and write
|
||
|
27724F52000
|
heap
|
page read and write
|
||
|
1EC76715000
|
trusted library allocation
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
154405DE000
|
heap
|
page read and write
|
||
|
3FB000
|
stack
|
page read and write
|
||
|
70EC000
|
heap
|
page read and write
|
||
|
E5F000
|
stack
|
page read and write
|
||
|
718B000
|
heap
|
page read and write
|
||
|
27724F76000
|
heap
|
page read and write
|
||
|
27724F30000
|
heap
|
page read and write
|
||
|
D9E000
|
stack
|
page read and write
|
||
|
C0B000
|
heap
|
page read and write
|
||
|
27724513000
|
heap
|
page read and write
|
||
|
27724F30000
|
heap
|
page read and write
|
||
|
27724F74000
|
heap
|
page read and write
|
||
|
27724F52000
|
heap
|
page read and write
|
||
|
70EC000
|
heap
|
page read and write
|
||
|
15440870000
|
trusted library allocation
|
page read and write
|
||
|
3490000
|
heap
|
page read and write
|
||
|
33E8B79000
|
stack
|
page read and write
|
||
|
27724F56000
|
heap
|
page read and write
|
||
|
715D000
|
heap
|
page read and write
|
||
|
100AD000
|
unkown
|
page read and write
|
||
|
7D4000
|
heap
|
page read and write
|
||
|
4F9D000
|
heap
|
page read and write
|
||
|
27724F72000
|
heap
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
717F000
|
heap
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
4821000
|
heap
|
page read and write
|
||
|
27724F52000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
27724F2A000
|
heap
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
7AE000
|
stack
|
page read and write
|
||
|
75D8000
|
heap
|
page read and write
|
||
|
1EC76580000
|
heap
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
15440570000
|
trusted library allocation
|
page read and write
|
||
|
75D6000
|
heap
|
page read and write
|
||
|
F6C000
|
stack
|
page read and write
|
||
|
4EF1000
|
heap
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
154414A0000
|
trusted library allocation
|
page read and write
|
||
|
DF0000
|
heap
|
page readonly
|
||
|
717F000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
101FE000
|
unkown
|
page readonly
|
||
|
67B000
|
stack
|
page read and write
|
||
|
4AF0000
|
heap
|
page read and write
|
||
|
107F000
|
direct allocation
|
page read and write
|
||
|
1EC76B02000
|
heap
|
page read and write
|
||
|
277244AF000
|
heap
|
page read and write
|
||
|
101DA000
|
unkown
|
page readonly
|
||
|
27724499000
|
heap
|
page read and write
|
||
|
27724F55000
|
heap
|
page read and write
|
||
|
75B000
|
stack
|
page read and write
|
||
|
154403A0000
|
trusted library allocation
|
page read and write
|
||
|
E4A000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
715D000
|
heap
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
27724F3B000
|
heap
|
page read and write
|
||
|
27724F52000
|
heap
|
page read and write
|
||
|
715D000
|
heap
|
page read and write
|
||
|
27724F2C000
|
heap
|
page read and write
|
||
|
715D000
|
heap
|
page read and write
|
||
|
70DC000
|
heap
|
page read and write
|
||
|
E3C000
|
stack
|
page read and write
|
||
|
70EC000
|
heap
|
page read and write
|
||
|
27724F63000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
95C000
|
stack
|
page read and write
|
||
|
45F0000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
718D000
|
heap
|
page read and write
|
||
|
BAC000
|
stack
|
page read and write
|
||
|
4F79000
|
heap
|
page read and write
|
||
|
15441440000
|
trusted library allocation
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
3BC000
|
stack
|
page read and write
|
||
|
75D3000
|
heap
|
page read and write
|
||
|
27724F2C000
|
heap
|
page read and write
|
||
|
27724400000
|
heap
|
page read and write
|
||
|
715D000
|
heap
|
page read and write
|
||
|
1EC76700000
|
trusted library allocation
|
page read and write
|
||
|
717F000
|
heap
|
page read and write
|
||
|
27724F0E000
|
heap
|
page read and write
|
||
|
154404D0000
|
heap
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
4F3C000
|
heap
|
page read and write
|
||
|
277244B8000
|
heap
|
page read and write
|
||
|
9DB000
|
stack
|
page read and write
|
||
|
27724F29000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
71F0000
|
heap
|
page read and write
|
||
|
1EC7664C000
|
heap
|
page read and write
|
||
|
70E8000
|
heap
|
page read and write
|
||
|
101FE000
|
unkown
|
page readonly
|
||
|
101E0000
|
unkown
|
page write copy
|
||
|
15440390000
|
heap
|
page read and write
|
||
|
FAB000
|
stack
|
page read and write
|
||
|
71C000
|
stack
|
page read and write
|
||
|
DDF000
|
stack
|
page read and write
|
||
|
27724F87000
|
heap
|
page read and write
|
||
|
70DC000
|
heap
|
page read and write
|
||
|
27724370000
|
heap
|
page read and write
|
||
|
3720000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
1050000
|
direct allocation
|
page execute read
|
||
|
930000
|
heap
|
page read and write
|
||
|
D9E000
|
stack
|
page read and write
|
||
|
101E0000
|
unkown
|
page write copy
|
||
|
C00000
|
heap
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
15440869000
|
heap
|
page read and write
|
||
|
12B5000
|
heap
|
page read and write
|
||
|
101DA000
|
unkown
|
page readonly
|
||
|
100AE000
|
unkown
|
page readonly
|
||
|
FEDDEFF000
|
stack
|
page read and write
|
||
|
83A000
|
heap
|
page read and write
|
||
|
1160000
|
trusted library allocation
|
page read and write
|
||
|
154405F3000
|
heap
|
page read and write
|
||
|
47FF000
|
heap
|
page read and write
|
||
|
4821000
|
heap
|
page read and write
|
||
|
99C000
|
stack
|
page read and write
|
||
|
1EC76628000
|
heap
|
page read and write
|
||
|
7D4000
|
heap
|
page read and write
|
||
|
1EC76A13000
|
heap
|
page read and write
|
||
|
75DB000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
27724F40000
|
heap
|
page read and write
|
||
|
4F50000
|
heap
|
page read and write
|
||
|
1EC76A02000
|
heap
|
page read and write
|
||
|
27724F62000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
33E87F9000
|
stack
|
page read and write
|
||
|
715D000
|
heap
|
page read and write
|
||
|
27724F6D000
|
heap
|
page read and write
|
||
|
1EC76590000
|
trusted library allocation
|
page read and write
|
||
|
7214000
|
heap
|
page read and write
|
||
|
DDF000
|
stack
|
page read and write
|
||
|
36F0000
|
heap
|
page read and write
|
||
|
154405DD000
|
heap
|
page read and write
|
||
|
27724F6A000
|
heap
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
2772443C000
|
heap
|
page read and write
|
||
|
70E8000
|
heap
|
page read and write
|
||
|
4F74000
|
heap
|
page read and write
|
||
|
4B10000
|
heap
|
page read and write
|
||
|
BEB000
|
stack
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
718B000
|
heap
|
page read and write
|
||
|
33E87FE000
|
stack
|
page read and write
|
||
|
101DA000
|
unkown
|
page readonly
|
||
|
70DC000
|
heap
|
page read and write
|
||
|
6B2B000
|
heap
|
page read and write
|
||
|
4F79000
|
heap
|
page read and write
|
There are 540 hidden memdumps, click here to show them.