Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
photographed.dat.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_34d063e1f8b4a0a973e2832d9ca94882ab2137_82810a17_1c1229dd\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_34d063e1f8b4a0a973e2832d9ca94882ab2137_82810a17_1dd23bb0\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_34d063e1f8b4a0a973e2832d9ca94882ab2137_82810a17_1de23ba0\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fce87c8f307b30dca7c45f44ed2a364c18519efd_82810a17_13262a0c\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fce87c8f307b30dca7c45f44ed2a364c18519efd_82810a17_14da29be\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fce87c8f307b30dca7c45f44ed2a364c18519efd_82810a17_1bd22a0c\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fce87c8f307b30dca7c45f44ed2a364c18519efd_82810a17_1d0a3a87\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_fce87c8f307b30dca7c45f44ed2a364c18519efd_82810a17_1d123b42\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER14BF.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 21:23:18 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER15E9.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1657.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER20E4.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 21:23:21 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2337.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2396.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2F8A.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 21:23:25 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2FB9.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 21:23:25 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER30F2.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 21:23:26 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3121.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 21:23:26 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER324B.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER327A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER32B9.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3318.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3567.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER35C6.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3604.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3691.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB3A.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 21:23:16 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB78.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed May 31 21:23:16 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCC1.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCD1.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD01.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD10.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 63843 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\GM1SFAFG.htm
|
HTML document, Unicode text, UTF-8 text, with very long lines (540)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\t5[1]
|
ASCII text, with no line terminators
|
modified
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.tmp
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.tmp.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 31 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\photographed.dat.dll"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\photographed.dat.dll",#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\photographed.dat.dll,m?0?$_SpinWait@$00@details@Concurrency@@QAE@P6AXXZ@Z
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\photographed.dat.dll",#1
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 660
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 664
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\photographed.dat.dll,m?0?$_SpinWait@$0A@@details@Concurrency@@QAE@P6AXXZ@Z
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 652
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\photographed.dat.dll,m?0SchedulerPolicy@Concurrency@@QAA@IZZ
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 648
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\photographed.dat.dll",m?0?$_SpinWait@$00@details@Concurrency@@QAE@P6AXXZ@Z
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\photographed.dat.dll",m?0?$_SpinWait@$0A@@details@Concurrency@@QAE@P6AXXZ@Z
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\photographed.dat.dll",m?0SchedulerPolicy@Concurrency@@QAA@IZZ
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\photographed.dat.dll",next
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\photographed.dat.dll",mwait_for_multiple@event@Concurrency@@SAIPAPAV12@I_NI@Z
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\photographed.dat.dll",mwait_for_all@agent@Concurrency@@SAXIPAPAV12@PAW4agent_status@2@I@Z
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 652
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 652
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 648
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 648
|
|
|
|
C:\Windows\SysWOW64\wermgr.exe
|
C:\Windows\SysWOW64\wermgr.exe
|
|
|
|
C:\Windows\SysWOW64\ipconfig.exe
|
ipconfig /all
|
|
|
|
C:\Windows\SysWOW64\whoami.exe
|
whoami /all
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
There are 17 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.linkedin.com/talent/post-a-job?trk=homepage-basic_talent-finder-cta
|
unknown
|
||
|
https://sg.linkedin.com/
|
unknown
|
||
|
https://nz.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/jobs/quality-assurance-jobs-h
|
unknown
|
||
|
https://www.linkedin.com/pulse/topics/marketing-s2461/
|
unknown
|
||
|
https://bo.linkedin.com/
|
unknown
|
||
|
https://cn.linkedin.com/
|
unknown
|
||
|
https://kr.linkedin.com/
|
unknown
|
||
|
https://sv.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/signup?trk=guest_homepage-basic_directory
|
unknown
|
||
|
https://www.linkedin.com/legal/copyright-policy?trk=homepage-basic_footer-copyright-policy
|
unknown
|
||
|
https://static.licdn.com/aero-v1/sc/h/e12h2cd8ac580qen9qdd0qks8
|
unknown
|
||
|
https://about.linkedin.com/?trk=homepage-basic_directory_aboutUrl
|
unknown
|
||
|
https://www.linkedin.com/jobs/search?trk=guest_homepage-basic_guest_nav_menu_jobs
|
unknown
|
||
|
https://ec.linkedin.com/
|
unknown
|
||
|
https://about.linkedin.com?trk=homepage-basic_footer-about
|
unknown
|
||
|
https://ie.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/business-software-and-tools?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://ae.linkedin.com/
|
unknown
|
||
|
https://uk.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/salary/?trk=homepage-basic_directory_salaryHomeUrl
|
unknown
|
||
|
https://static.licdn.com/aero-v1/sc/h/75y9ng27ydl2d46fam5nanne5
|
unknown
|
||
|
https://developer.linkedin.com/?trk=homepage-basic_directory_developerMicrositeUrl
|
unknown
|
||
|
https://www.linkedin.com/directory/posts?trk=homepage-basic_directory_postsDirectoryUrl
|
unknown
|
||
|
https://www.linkedin.com/jobs/operations-jobs-h
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/artificial-intelligence?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://www.linkedin.com/pulse/topics/healthcare-s282/
|
unknown
|
||
|
https://in.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/directory/featured?trk=homepage-basic_directory_featuredDirectoryUrl
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/audio-and-music?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/training-and-education?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://hk.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/visualization-and-real-time?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://at.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/pulse/topics/construction-management-s831/
|
unknown
|
||
|
https://www.linkedin.com/jobs/education-jobs-h
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/project-management?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://www.linkedin.com/directory/articles?trk=homepage-basic_directory_articlesDirectoryUrl
|
unknown
|
||
|
https://www.linkedin.com/pulse/topics/public-administration-s3697/
|
unknown
|
||
|
https://za.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/directory/services?trk=homepage-basic_directory_servicesDirectoryUrl
|
unknown
|
||
|
https://jm.linkedin.com/
|
unknown
|
||
|
https://no.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/directory/learning?trk=homepage-basic_directory_learningDirectoryUrl
|
unknown
|
||
|
https://www.linkedin.com/jobs/entrepreneurship-jobs-h
|
unknown
|
||
|
https://pe.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/directory/advice?trk=homepage-basic_directory_adviceDirectoryUrl
|
unknown
|
||
|
https://au.linkedin.com/
|
unknown
|
||
|
https://static.licdn.com/aero-v1/sc/h/ddi43qwelxeqjxdd45pe3fvs1
|
unknown
|
||
|
https://www.linkedin.com/jobs/administrative-assistant-jobs-h
|
unknown
|
||
|
https://www.linkedin.com/legal/professional-community-policies?trk=homepage-basic_footer-community-g
|
unknown
|
||
|
https://www.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy
|
unknown
|
||
|
https://www.linkedin.com/signup?trk=guest_homepage-basic_nav-header-join
|
unknown
|
||
|
https://www.linkedin.com/signup?trk=homepage-basic_join-cta
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/sales-3?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://www.linkedin.com/legal/cookie-policy
|
unknown
|
||
|
https://static.licdn.com/aero-v1/sc/h/51t74mlo1ty7vakn3a80a9jcp
|
unknown
|
||
|
https://static.licdn.com/aero-v1/sc/h/8fkga714vy9b2wk5auqo5reeb
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/data-science?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://cr.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/mobile-development?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://gt.linkedin.com/
|
unknown
|
||
|
https://ph.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/leadership-and-management?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/network-and-system-administration?trk=homepage-basic_learni
|
unknown
|
||
|
https://www.linkedin.com/learning/search?trk=guest_homepage-basic_guest_nav_menu_learning
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/customer-service-3?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://www.linkedin.com/jobs/jobs-in-h
|
unknown
|
||
|
https://fr.linkedin.com/
|
unknown
|
||
|
https://mobile.linkedin.com/?trk=homepage-basic_directory_mobileMicrositeUrl
|
unknown
|
||
|
https://www.linkedin.com/jobs/purchasing-jobs-h
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/security-3?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://www.linkedin.com/learning/search?trk=homepage-basic_brand-discovery_intent-module-thirdBtn
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/it-help-desk-5?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://www.linkedin.com/jobs/arts-and-design-jobs-h
|
unknown
|
||
|
https://www.linkedin.com/directory/products?trk=homepage-basic_directory_productsDirectoryUrl
|
unknown
|
||
|
https://business.linkedin.com/talent-solutions?src=li-footer&utm_source=linkedin&utm_medium=
|
unknown
|
||
|
https://www.linkedin.com/directory/news?trk=homepage-basic_directory_newsDirectoryUrl
|
unknown
|
||
|
https://zw.linkedin.com/
|
unknown
|
||
|
https://co.linkedin.com/
|
unknown
|
||
|
https://ru.linkedin.com/
|
unknown
|
||
|
https://ca.linkedin.com/
|
unknown
|
||
|
https://ke.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/career-development-5?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://www.linkedin.com/mypreferences/g/guest-cookies
|
unknown
|
||
|
https://www.linkedin.com/products?trk=homepage-basic_directory_productsHomeUrl
|
unknown
|
||
|
https://static.licdn.com/aero-v1/sc/h/7kb6sn3tm4cx918cx9a5jlb0
|
unknown
|
||
|
https://static.licdn.com/aero-v1/sc/h/8wykgzgbqy0t3fnkgborvz54u
|
unknown
|
||
|
https://de.linkedin.com/
|
unknown
|
||
|
https://static.licdn.com/aero-v1/sc/h/2r8kd5zqpi905lkzsshdlvvn5
|
unknown
|
||
|
https://www.linkedin.com/jobs/retail-associate-jobs-h
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/product-and-manufacturing?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://www.linkedin.com/psettings/guest-controls?trk=homepage-basic_footer-guest-controls
|
unknown
|
||
|
https://business.linkedin.com/marketing-solutions?src=li-footer&utm_source=linkedin&utm_medi
|
unknown
|
||
|
https://www.linkedin.com/help/linkedin?lang=en&trk=homepage-basic_directory_helpCenterUrl
|
unknown
|
||
|
https://pk.linkedin.com/
|
unknown
|
||
|
https://jp.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/human-resources-3?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://static.licdn.com/aero-v1/sc/h/al2o9zrvru7aqj8e1x2rzsrca
|
unknown
|
||
|
https://www.linkedin.com/jobs/real-estate-jobs-h
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
linkedin.com
|
13.107.42.14
|
||
|
www.linkedin.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
91.165.188.74
|
unknown
|
France
|
|
|
|
2.82.8.80
|
unknown
|
Portugal
|
|
|
|
70.160.67.203
|
unknown
|
United States
|
|
|
|
75.143.236.149
|
unknown
|
United States
|
|
|
|
83.110.223.61
|
unknown
|
United Arab Emirates
|
|
|
|
84.215.202.8
|
unknown
|
Norway
|
|
|
|
184.182.66.109
|
unknown
|
United States
|
|
|
|
161.129.37.43
|
unknown
|
United States
|
|
|
|
92.186.69.229
|
unknown
|
France
|
|
|
|
174.4.89.3
|
unknown
|
Canada
|
|
|
|
161.142.103.187
|
unknown
|
Malaysia
|
|
|
|
116.74.164.144
|
unknown
|
India
|
|
|
|
76.185.109.16
|
unknown
|
United States
|
|
|
|
114.143.176.236
|
unknown
|
India
|
|
|
|
24.234.220.88
|
unknown
|
United States
|
|
|
|
14.192.241.76
|
unknown
|
Malaysia
|
|
|
|
123.3.240.16
|
unknown
|
Australia
|
|
|
|
173.88.135.179
|
unknown
|
United States
|
|
|
|
47.34.30.133
|
unknown
|
United States
|
|
|
|
183.87.163.165
|
unknown
|
India
|
|
|
|
184.181.75.148
|
unknown
|
United States
|
|
|
|
124.149.143.189
|
unknown
|
Australia
|
|
|
|
70.49.205.198
|
unknown
|
Canada
|
|
|
|
84.35.26.14
|
unknown
|
Netherlands
|
|
|
|
37.14.229.220
|
unknown
|
Spain
|
|
|
|
102.159.223.197
|
unknown
|
Tunisia
|
|
|
|
165.120.169.171
|
unknown
|
United States
|
|
|
|
79.92.15.6
|
unknown
|
France
|
|
|
|
68.203.69.96
|
unknown
|
United States
|
|
|
|
64.121.161.102
|
unknown
|
United States
|
|
|
|
96.56.197.26
|
unknown
|
United States
|
|
|
|
178.175.187.254
|
unknown
|
Moldova Republic of
|
|
|
|
186.64.67.30
|
unknown
|
Argentina
|
|
|
|
188.28.19.84
|
unknown
|
United Kingdom
|
|
|
|
125.99.76.102
|
unknown
|
India
|
|
|
|
103.87.128.228
|
unknown
|
India
|
|
|
|
86.248.228.57
|
unknown
|
France
|
|
|
|
59.28.84.65
|
unknown
|
Korea Republic of
|
|
|
|
76.86.31.59
|
unknown
|
United States
|
|
|
|
147.147.30.126
|
unknown
|
United Kingdom
|
|
|
|
96.87.28.170
|
unknown
|
United States
|
|
|
|
75.109.111.89
|
unknown
|
United States
|
|
|
|
78.92.133.215
|
unknown
|
Hungary
|
|
|
|
88.126.94.4
|
unknown
|
France
|
|
|
|
124.122.47.148
|
unknown
|
Thailand
|
|
|
|
85.57.212.13
|
unknown
|
Spain
|
|
|
|
47.205.25.170
|
unknown
|
United States
|
|
|
|
95.45.50.93
|
unknown
|
Ireland
|
|
|
|
80.12.88.148
|
unknown
|
France
|
|
|
|
69.133.162.35
|
unknown
|
United States
|
|
|
|
151.62.238.176
|
unknown
|
Italy
|
|
|
|
205.237.67.69
|
unknown
|
Canada
|
|
|
|
201.143.215.69
|
unknown
|
Mexico
|
|
|
|
94.30.98.134
|
unknown
|
United Kingdom
|
|
|
|
76.178.148.107
|
unknown
|
United States
|
|
|
|
69.242.31.249
|
unknown
|
United States
|
|
|
|
85.104.105.67
|
unknown
|
Turkey
|
|
|
|
92.239.81.124
|
unknown
|
United Kingdom
|
|
|
|
76.16.49.134
|
unknown
|
United States
|
|
|
|
201.244.108.183
|
unknown
|
Colombia
|
|
|
|
103.42.86.42
|
unknown
|
India
|
|
|
|
103.144.201.56
|
unknown
|
unknown
|
|
|
|
116.120.145.170
|
unknown
|
Korea Republic of
|
|
|
|
103.139.242.6
|
unknown
|
India
|
|
|
|
70.28.50.223
|
unknown
|
Canada
|
|
|
|
98.145.23.67
|
unknown
|
United States
|
|
|
|
81.229.117.95
|
unknown
|
Sweden
|
|
|
|
89.129.109.27
|
unknown
|
Spain
|
|
|
|
45.51.102.225
|
unknown
|
United States
|
|
|
|
27.109.19.90
|
unknown
|
India
|
|
|
|
122.186.210.254
|
unknown
|
India
|
|
|
|
79.77.142.22
|
unknown
|
United Kingdom
|
|
|
|
122.184.143.86
|
unknown
|
India
|
|
|
|
50.68.186.195
|
unknown
|
Canada
|
|
|
|
213.55.33.103
|
unknown
|
France
|
|
|
|
180.151.229.230
|
unknown
|
India
|
|
|
|
12.172.173.82
|
unknown
|
United States
|
|
|
|
47.199.241.39
|
unknown
|
United States
|
|
|
|
79.168.224.165
|
unknown
|
Portugal
|
|
|
|
199.27.66.213
|
unknown
|
United States
|
|
|
|
176.142.207.63
|
unknown
|
France
|
|
|
|
90.29.86.138
|
unknown
|
France
|
|
|
|
149.74.159.67
|
unknown
|
United States
|
|
|
|
174.58.146.57
|
unknown
|
United States
|
|
|
|
78.160.146.127
|
unknown
|
Turkey
|
|
|
|
223.166.13.95
|
unknown
|
China
|
|
|
|
58.186.75.42
|
unknown
|
Viet Nam
|
|
|
|
65.95.141.84
|
unknown
|
Canada
|
|
|
|
50.68.204.71
|
unknown
|
Canada
|
|
|
|
71.38.155.217
|
unknown
|
United States
|
|
|
|
117.195.29.126
|
unknown
|
India
|
|
|
|
220.240.164.182
|
unknown
|
Australia
|
|
|
|
103.123.223.133
|
unknown
|
India
|
|
|
|
198.2.51.242
|
unknown
|
United States
|
|
|
|
27.99.32.26
|
unknown
|
Australia
|
|
|
|
94.204.232.135
|
unknown
|
United Arab Emirates
|
|
|
|
109.50.149.241
|
unknown
|
Portugal
|
|
|
|
69.123.4.221
|
unknown
|
United States
|
|
|
|
74.136.224.98
|
unknown
|
United States
|
|
|
|
200.84.200.20
|
unknown
|
Venezuela
|
|
There are 90 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHivePermissionsCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHiveOwnerCorrect
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiOverridePath
|
||
|
\REGISTRY\A\{2fe06450-f544-2d7f-a095-8d192186fdf2}\Root\InventoryApplicationFile
|
WritePermissionsCheck
|
||
|
\REGISTRY\A\{2fe06450-f544-2d7f-a095-8d192186fdf2}\Root\InventoryApplicationFile
|
ProviderSyncId
|
||
|
\REGISTRY\A\{2fe06450-f544-2d7f-a095-8d192186fdf2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProgramId
|
||
|
\REGISTRY\A\{2fe06450-f544-2d7f-a095-8d192186fdf2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
FileId
|
||
|
\REGISTRY\A\{2fe06450-f544-2d7f-a095-8d192186fdf2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{2fe06450-f544-2d7f-a095-8d192186fdf2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LongPathHash
|
||
|
\REGISTRY\A\{2fe06450-f544-2d7f-a095-8d192186fdf2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Name
|
||
|
\REGISTRY\A\{2fe06450-f544-2d7f-a095-8d192186fdf2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Publisher
|
||
|
\REGISTRY\A\{2fe06450-f544-2d7f-a095-8d192186fdf2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Version
|
||
|
\REGISTRY\A\{2fe06450-f544-2d7f-a095-8d192186fdf2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinFileVersion
|
||
|
\REGISTRY\A\{2fe06450-f544-2d7f-a095-8d192186fdf2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinaryType
|
||
|
\REGISTRY\A\{2fe06450-f544-2d7f-a095-8d192186fdf2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductName
|
||
|
\REGISTRY\A\{2fe06450-f544-2d7f-a095-8d192186fdf2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductVersion
|
||
|
\REGISTRY\A\{2fe06450-f544-2d7f-a095-8d192186fdf2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LinkDate
|
||
|
\REGISTRY\A\{2fe06450-f544-2d7f-a095-8d192186fdf2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinProductVersion
|
||
|
\REGISTRY\A\{2fe06450-f544-2d7f-a095-8d192186fdf2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Size
|
||
|
\REGISTRY\A\{2fe06450-f544-2d7f-a095-8d192186fdf2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Language
|
||
|
\REGISTRY\A\{2fe06450-f544-2d7f-a095-8d192186fdf2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsPeFile
|
||
|
\REGISTRY\A\{2fe06450-f544-2d7f-a095-8d192186fdf2}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsOsComponent
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018800A5D423B5C
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018800A5D423B5C
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018800A5D423B5C
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018800A5D423B5C
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Jiydhyo
|
7bb37c13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Jiydhyo
|
4e2cac5d
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Jiydhyo
|
4c6d8c21
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Jiydhyo
|
f4d1eb44
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Jiydhyo
|
89d9a4ce
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Jiydhyo
|
3165c3ab
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Jiydhyo
|
f690cb38
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Jiydhyo
|
4fa13e5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Jiydhyo
|
7bb37c13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Jiydhyo
|
7bb37c13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Jiydhyo
|
7bb37c13
|
There are 40 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
48D0000
|
heap
|
page read and write
|
|
|
|
CDA000
|
heap
|
page read and write
|
|
|
|
2C27000
|
heap
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
4980000
|
heap
|
page read and write
|
||
|
10033000
|
unkown
|
page read and write
|
||
|
64D0000
|
heap
|
page read and write
|
||
|
62D1000
|
heap
|
page read and write
|
||
|
BF3CCF9000
|
stack
|
page read and write
|
||
|
49C000
|
stack
|
page read and write
|
||
|
348A000
|
heap
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
479E000
|
stack
|
page read and write
|
||
|
494F000
|
heap
|
page read and write
|
||
|
11D000
|
stack
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
BF3D179000
|
stack
|
page read and write
|
||
|
DEA000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
E1A000
|
heap
|
page read and write
|
||
|
2164BD80000
|
trusted library allocation
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
DEE000
|
stack
|
page read and write
|
||
|
DEA000
|
heap
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
61D1000
|
heap
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
5B85000
|
heap
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
99A000
|
heap
|
page read and write
|
||
|
4510000
|
heap
|
page read and write
|
||
|
10033000
|
unkown
|
page read and write
|
||
|
F12000
|
direct allocation
|
page readonly
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
DFA000
|
heap
|
page read and write
|
||
|
69EC000
|
heap
|
page read and write
|
||
|
2435D802000
|
heap
|
page read and write
|
||
|
4DB000
|
stack
|
page read and write
|
||
|
87C000
|
stack
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
10034000
|
unkown
|
page write copy
|
||
|
BF3D379000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
71E000
|
stack
|
page read and write
|
||
|
2435D513000
|
heap
|
page read and write
|
||
|
494F000
|
heap
|
page read and write
|
||
|
C3E000
|
stack
|
page read and write
|
||
|
10034000
|
unkown
|
page write copy
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
4A90000
|
trusted library allocation
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
AFE000
|
stack
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
DFD000
|
heap
|
page read and write
|
||
|
10036000
|
unkown
|
page readonly
|
||
|
E13000
|
heap
|
page read and write
|
||
|
E1A000
|
heap
|
page read and write
|
||
|
47DF000
|
stack
|
page read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
8FD000
|
stack
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
DFD000
|
heap
|
page read and write
|
||
|
83F000
|
stack
|
page read and write
|
||
|
9BE000
|
stack
|
page read and write
|
||
|
61DF000
|
heap
|
page read and write
|
||
|
2435D502000
|
heap
|
page read and write
|
||
|
2164BC8D000
|
heap
|
page read and write
|
||
|
61DF000
|
heap
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
10034000
|
unkown
|
page write copy
|
||
|
86E000
|
stack
|
page read and write
|
||
|
DEA000
|
heap
|
page read and write
|
||
|
62D1000
|
heap
|
page read and write
|
||
|
2164CA60000
|
heap
|
page readonly
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
61D3000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
2D20000
|
heap
|
page read and write
|
||
|
61D1000
|
heap
|
page read and write
|
||
|
DE4000
|
heap
|
page read and write
|
||
|
61D3000
|
heap
|
page read and write
|
||
|
1231000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
64DD000
|
heap
|
page read and write
|
||
|
2164CAD0000
|
trusted library allocation
|
page read and write
|
||
|
2164CA50000
|
trusted library allocation
|
page read and write
|
||
|
2435D213000
|
unkown
|
page read and write
|
||
|
1AC000
|
stack
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
8BA000
|
heap
|
page read and write
|
||
|
2164BC51000
|
heap
|
page read and write
|
||
|
F7E000
|
stack
|
page read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
10036000
|
unkown
|
page readonly
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
2164BD60000
|
heap
|
page read and write
|
||
|
2435D24F000
|
heap
|
page read and write
|
||
|
9FF000
|
stack
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
10036000
|
unkown
|
page readonly
|
||
|
51E000
|
stack
|
page read and write
|
||
|
2164BC8D000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
10034000
|
unkown
|
page write copy
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
F0A000
|
direct allocation
|
page readonly
|
||
|
64D2000
|
heap
|
page read and write
|
||
|
2435D27B000
|
heap
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
940000
|
heap
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
47AF000
|
heap
|
page read and write
|
||
|
DEA000
|
heap
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
78C000
|
stack
|
page read and write
|
||
|
57B7000
|
heap
|
page read and write
|
||
|
10034000
|
unkown
|
page write copy
|
||
|
301000
|
stack
|
page read and write
|
||
|
4C5000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
4991000
|
heap
|
page read and write
|
||
|
10036000
|
unkown
|
page readonly
|
||
|
61D3000
|
heap
|
page read and write
|
||
|
10033000
|
unkown
|
page read and write
|
||
|
E1A000
|
heap
|
page read and write
|
||
|
2435D502000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
61E1000
|
heap
|
page read and write
|
||
|
2435D28E000
|
heap
|
page read and write
|
||
|
61D1000
|
heap
|
page read and write
|
||
|
4CA9779000
|
stack
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
2435D513000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
2435D24D000
|
unkown
|
page read and write
|
||
|
DEA000
|
heap
|
page read and write
|
||
|
B3F000
|
stack
|
page read and write
|
||
|
2164C7A0000
|
trusted library allocation
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
2164C810000
|
trusted library allocation
|
page read and write
|
||
|
4810000
|
heap
|
page read and write
|
||
|
53D000
|
stack
|
page read and write
|
||
|
2C3C000
|
heap
|
page read and write
|
||
|
5CC7000
|
heap
|
page read and write
|
||
|
10034000
|
unkown
|
page write copy
|
||
|
5AA000
|
heap
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
2164C790000
|
trusted library allocation
|
page read and write
|
||
|
3480000
|
heap
|
page read and write
|
||
|
DE4000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
E13000
|
heap
|
page read and write
|
||
|
4CA947C000
|
stack
|
page read and write
|
||
|
77F000
|
stack
|
page read and write
|
||
|
61D1000
|
heap
|
page read and write
|
||
|
2D6E000
|
stack
|
page read and write
|
||
|
EF0000
|
direct allocation
|
page read and write
|
||
|
D6F000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2164BD40000
|
heap
|
page read and write
|
||
|
325C000
|
stack
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
6CD4000
|
heap
|
page read and write
|
||
|
5676000
|
heap
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
5CE000
|
stack
|
page read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
2435D228000
|
heap
|
page read and write
|
||
|
1FE000
|
unkown
|
page read and write
|
||
|
10033000
|
unkown
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
DEA000
|
heap
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
61E1000
|
heap
|
page read and write
|
||
|
2435D302000
|
trusted library allocation
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
140000
|
heap
|
page read and write
|
||
|
DFD000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
80A000
|
heap
|
page read and write
|
||
|
2164BB19000
|
heap
|
page read and write
|
||
|
319A000
|
heap
|
page read and write
|
||
|
4810000
|
heap
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
62D1000
|
heap
|
page read and write
|
||
|
2435D0A0000
|
heap
|
page read and write
|
||
|
10033000
|
unkown
|
page read and write
|
||
|
1231000
|
heap
|
page read and write
|
||
|
10034000
|
unkown
|
page write copy
|
||
|
C7F000
|
stack
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
2435D24E000
|
heap
|
page read and write
|
||
|
E4F000
|
stack
|
page read and write
|
||
|
61DF000
|
heap
|
page read and write
|
||
|
DEA000
|
heap
|
page read and write
|
||
|
61D1000
|
heap
|
page read and write
|
||
|
DFA000
|
heap
|
page read and write
|
||
|
5875000
|
heap
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
E09000
|
heap
|
page read and write
|
||
|
329B000
|
stack
|
page read and write
|
||
|
62D1000
|
heap
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
2435D400000
|
heap
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
DFA000
|
heap
|
page read and write
|
||
|
2435D2B9000
|
heap
|
page read and write
|
||
|
E09000
|
heap
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
DFD000
|
heap
|
page read and write
|
||
|
2EAE000
|
stack
|
page read and write
|
||
|
3710000
|
heap
|
page read and write
|
||
|
61E1000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
3300000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
290000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
DFA000
|
heap
|
page read and write
|
||
|
4990000
|
heap
|
page read and write
|
||
|
C3B000
|
stack
|
page read and write
|
||
|
EE0000
|
direct allocation
|
page execute read
|
||
|
64D0000
|
heap
|
page read and write
|
||
|
A3D000
|
stack
|
page read and write
|
||
|
4720000
|
heap
|
page read and write
|
||
|
2FB000
|
stack
|
page read and write
|
||
|
2435D513000
|
heap
|
page read and write
|
||
|
10034000
|
unkown
|
page write copy
|
||
|
2164CA80000
|
trusted library allocation
|
page read and write
|
||
|
48F3000
|
heap
|
page read and write
|
||
|
2435D27A000
|
heap
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
10036000
|
unkown
|
page readonly
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
2435D23B000
|
heap
|
page read and write
|
||
|
E09000
|
heap
|
page read and write
|
||
|
BF3C8FD000
|
stack
|
page read and write
|
||
|
2164BB15000
|
heap
|
page read and write
|
||
|
4D6F000
|
stack
|
page read and write
|
||
|
2435D23C000
|
heap
|
page read and write
|
||
|
B0F000
|
stack
|
page read and write
|
||
|
ABE000
|
stack
|
page read and write
|
||
|
2435D27A000
|
heap
|
page read and write
|
||
|
2435D323000
|
heap
|
page read and write
|
||
|
2164BC85000
|
heap
|
page read and write
|
||
|
ACE000
|
stack
|
page read and write
|
||
|
2164BC8D000
|
heap
|
page read and write
|
||
|
10034000
|
unkown
|
page write copy
|
||
|
4BF000
|
stack
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
64DF000
|
heap
|
page read and write
|
||
|
2DAE000
|
stack
|
page read and write
|
||
|
DEA000
|
heap
|
page read and write
|
||
|
B5A000
|
heap
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
2435D24F000
|
heap
|
page read and write
|
||
|
2164BB10000
|
heap
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
DEA000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
2435D413000
|
heap
|
page read and write
|
||
|
2435D800000
|
heap
|
page read and write
|
||
|
2164BCA6000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
DEA000
|
heap
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
10036000
|
unkown
|
page readonly
|
||
|
920000
|
heap
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
4CA9679000
|
stack
|
page read and write
|
||
|
ABF000
|
stack
|
page read and write
|
||
|
2E2E000
|
stack
|
page read and write
|
||
|
62D1000
|
heap
|
page read and write
|
||
|
10033000
|
unkown
|
page read and write
|
||
|
69E3000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2164BD90000
|
trusted library allocation
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
DE4000
|
heap
|
page read and write
|
||
|
FBF000
|
stack
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
1FC000
|
stack
|
page read and write
|
||
|
E09000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
2164BC40000
|
heap
|
page read and write
|
||
|
A7B000
|
stack
|
page read and write
|
||
|
10036000
|
unkown
|
page readonly
|
||
|
1EB000
|
stack
|
page read and write
|
||
|
BF3D079000
|
stack
|
page read and write
|
||
|
2435D20D000
|
unkown
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
DFD000
|
heap
|
page read and write
|
||
|
10036000
|
unkown
|
page readonly
|
||
|
BEE000
|
stack
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
ADE000
|
stack
|
page read and write
|
||
|
4AA000
|
heap
|
page read and write
|
||
|
D2E000
|
stack
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
9EC000
|
stack
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
648000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
97B000
|
stack
|
page read and write
|
||
|
2435D502000
|
heap
|
page read and write
|
||
|
4DE0000
|
heap
|
page read and write
|
||
|
10033000
|
unkown
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
69DC000
|
heap
|
page read and write
|
||
|
61D3000
|
heap
|
page read and write
|
||
|
61E000
|
stack
|
page read and write
|
||
|
10036000
|
unkown
|
page readonly
|
||
|
2435D28E000
|
unkown
|
page read and write
|
||
|
DE4000
|
heap
|
page read and write
|
||
|
E09000
|
heap
|
page read and write
|
||
|
DE4000
|
heap
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
2164C800000
|
trusted library allocation
|
page read and write
|
||
|
61D1000
|
heap
|
page read and write
|
||
|
89C000
|
stack
|
page read and write
|
||
|
E1A000
|
heap
|
page read and write
|
||
|
4CA96FE000
|
stack
|
page read and write
|
||
|
10033000
|
unkown
|
page read and write
|
||
|
CE1000
|
heap
|
page read and write
|
||
|
2435D315000
|
trusted library allocation
|
page read and write
|
||
|
E6A000
|
heap
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
E13000
|
heap
|
page read and write
|
||
|
10033000
|
unkown
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
C4F000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
B1F000
|
stack
|
page read and write
|
||
|
2435D502000
|
heap
|
page read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
DFD000
|
heap
|
page read and write
|
||
|
64D8000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
47D000
|
stack
|
page read and write
|
||
|
2435D402000
|
heap
|
page read and write
|
||
|
DE4000
|
heap
|
page read and write
|
||
|
2435D500000
|
heap
|
page read and write
|
||
|
2435D505000
|
heap
|
page read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
57F000
|
stack
|
page read and write
|
||
|
CD6000
|
heap
|
page read and write
|
||
|
2435D513000
|
heap
|
page read and write
|
||
|
2435D516000
|
heap
|
page read and write
|
||
|
10036000
|
unkown
|
page readonly
|
||
|
800000
|
heap
|
page read and write
|
||
|
2435D0B0000
|
trusted library allocation
|
page read and write
|
||
|
4CA95FB000
|
stack
|
page read and write
|
||
|
401000
|
stack
|
page read and write
|
||
|
2435D300000
|
trusted library allocation
|
page read and write
|
||
|
2435D2B9000
|
heap
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
345E000
|
stack
|
page read and write
|
||
|
DE4000
|
heap
|
page read and write
|
||
|
DE4000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
BF3D27B000
|
stack
|
page read and write
|
||
|
E09000
|
heap
|
page read and write
|
||
|
5B73000
|
heap
|
page read and write
|
||
|
10033000
|
unkown
|
page read and write
|
||
|
10034000
|
unkown
|
page write copy
|
||
|
450000
|
heap
|
page read and write
|
||
|
2164BB00000
|
heap
|
page read and write
|
||
|
791000
|
stack
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
1241000
|
heap
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
93C000
|
stack
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
2435D110000
|
heap
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
62D1000
|
heap
|
page read and write
|
||
|
6EE4000
|
heap
|
page read and write
|
||
|
61E1000
|
heap
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
3066000
|
heap
|
page read and write
|
||
|
2435D200000
|
unkown
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
2435D518000
|
heap
|
page read and write
|
||
|
8DB000
|
stack
|
page read and write
|
||
|
2435D513000
|
heap
|
page read and write
|
||
|
61DF000
|
heap
|
page read and write
|
||
|
2435D524000
|
heap
|
page read and write
|
||
|
F0F000
|
direct allocation
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
CCB000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
2435D52A000
|
heap
|
page read and write
|
||
|
2164CA70000
|
trusted library allocation
|
page read and write
|
||
|
2435D502000
|
heap
|
page read and write
|
||
|
43E000
|
unkown
|
page read and write
|
||
|
E1A000
|
heap
|
page read and write
|
||
|
5D6000
|
heap
|
page read and write
|
||
|
B0000
|
heap
|
page read and write
|
||
|
69E8000
|
heap
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
4991000
|
heap
|
page read and write
|
||
|
15C000
|
stack
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
E1A000
|
heap
|
page read and write
|
||
|
2DEE000
|
stack
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
EF1000
|
direct allocation
|
page execute read
|
||
|
881000
|
stack
|
page read and write
|
||
|
71E4000
|
heap
|
page read and write
|
||
|
840000
|
remote allocation
|
page read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
5946000
|
heap
|
page read and write
|
There are 450 hidden memdumps, click here to show them.