Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
qbot1.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_9fb6f77b13131586566dd65310d5dce5865fec4f_82810a17_1995889c\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_9fb6f77b13131586566dd65310d5dce5865fec4f_82810a17_19b56739\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_9fb6f77b13131586566dd65310d5dce5865fec4f_82810a17_19b96630\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_c6a0b02083f29b4f045509d58da68ab1c531655_82810a17_192989f4\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_c6a0b02083f29b4f045509d58da68ab1c531655_82810a17_1a9588cb\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_c6a0b02083f29b4f045509d58da68ab1c531655_82810a17_1bc56fb5\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_c6a0b02083f29b4f045509d58da68ab1c531655_82810a17_1be17998\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5B33.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Jun 2 04:23:58 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5C4C.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Jun 2 04:23:58 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5E22.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5E90.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5F0C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5F6B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER66BC.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Jun 2 04:24:01 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER69DA.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6A1A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER716B.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Jun 2 04:24:03 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER741B.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER745B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7F07.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Jun 2 04:24:07 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7F45.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Jun 2 04:24:07 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8011.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Jun 2 04:24:07 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER813A.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8199.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER832E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER838C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER838D.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8449.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 63843 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\J7NKSXWB.htm
|
HTML document, ASCII text, with very long lines (64945)
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\de-ch[1].htm
|
HTML document, Unicode text, UTF-8 text, with very long lines (3929), with CRLF, LF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\t5[1]
|
ASCII text, with very long lines (784), with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.tmp
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.tmp.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 28 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\qbot1.dll"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\qbot1.dll",#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\qbot1.dll,m?0API@ScScript@@IAE@AAVEngine@1@H@Z
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\qbot1.dll",#1
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 656
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 660
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\qbot1.dll,m?0BinaryNode@ScScript@@QAE@ABUScanInfo@1@PAVNode@1@1@Z
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 672
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\qbot1.dll,m?0BreakpointInfo@ScScript@@QAE@ABV01@@Z
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 648
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\qbot1.dll",m?0API@ScScript@@IAE@AAVEngine@1@H@Z
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\qbot1.dll",m?0BinaryNode@ScScript@@QAE@ABUScanInfo@1@PAVNode@1@1@Z
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\qbot1.dll",m?0BreakpointInfo@ScScript@@QAE@ABV01@@Z
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\qbot1.dll",next
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\qbot1.dll",munlockRef@Engine@ScScript@@QAEXABVVariant@ScCore@@@Z
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\qbot1.dll",mundefinedError@Callback@ScScript@@UAE_NAAVEngine@2@ABVVariant@ScCore@@1AAV45@@Z
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 652
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 652
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 648
|
|
|
|
C:\Windows\SysWOW64\wermgr.exe
|
C:\Windows\SysWOW64\wermgr.exe
|
|
|
|
C:\Windows\SysWOW64\ipconfig.exe
|
ipconfig /all
|
|
|
|
C:\Windows\SysWOW64\whoami.exe
|
whoami /all
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
There are 16 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://s.yimg.com/ss/rapid-3.53.38.js
|
unknown
|
||
|
https://outlook.live.com/owa/
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/6lV3qkp5vhD2J.O5ha31Nw--~B/Zmk9c3RyaW07aD0zODY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://www.onenote.com/?omkt=de-CH
|
unknown
|
||
|
https://js.monitor.azure.com
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/fiFKhsorJ_.XzJNVa7HgsQ--~B/Zmk9c3RyaW07aD0yNDY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/h64YbbKcO2GsKYAy1QMRMw--~B/Zmk9c3RyaW07aD0zODY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://s.yimg.com/cx/pv/perf-vitals_3.1.0.js
|
unknown
|
||
|
https://s.yimg.com/aaq/spotim/
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/p68hnTLk2asTrmg6nFL37A--~B/Zmk9c3RyaW07aD0zODY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://www.skype.com/de/
|
unknown
|
||
|
https://fp-graviton-home-gateway.media.yahoo.com/
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/7mz1gUykvPcUcalzuGE1WQ--~B/Zmk9c3RyaW07aD0yNDY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://openweb.jac.yahoosandbox.com
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/k8SbH9Gqa6W8a7JKyncC.A--~B/Zmk9c3RyaW07aD0xNDA7cT05MDt3PTE0MDthcHB
|
unknown
|
||
|
https://yahoo.com/
|
54.161.105.65
|
||
|
https://www.ad.com/?utm_source=yahoo-home&utm_medium=referral&utm_campaign=ad-feedback"
|
unknown
|
||
|
https://lptag.liveperson.net
|
unknown
|
||
|
https://search.yahoo.com/search?p=
|
unknown
|
||
|
https://xboxdesignlab.xbox.com/xbox-design-lab?recipeId=G4E9FNSC&icid=mscom_marcom_CPH4a_PrideXDLcon
|
unknown
|
||
|
http://schema.org
|
unknown
|
||
|
http://www.opensource.org/licenses/mit-license.php
|
unknown
|
||
|
https://analytics.tiktok.com
|
unknown
|
||
|
https://legal.yahoo.com/us/en/yahoo/privacy/adinfo/index.html"
|
unknown
|
||
|
https://5.ras.yahoo.com/adcount%7C2.0%7C5113.1%7C4830424%7C0%7C0%7CAdId=-41;BnId=0;ct=1864049394;st=
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/H3vVA32ymLk3HFF8J_ZI5w--~B/Zmk9c3RyaW07aD0xNDA7cT05MDt3PTE0MDthcHB
|
unknown
|
||
|
https://www.instagram.com/microsoftch/
|
unknown
|
||
|
https://www.clarity.ms
|
unknown
|
||
|
https://cdnssl.clicktale.net/www32/ptc/05d32363-d534-4d93-9b65-cde674775e71.js
|
unknown
|
||
|
https://cdnssl.clicktale.net
|
unknown
|
||
|
https://publisher.liveperson.net
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/4cg6h0vinH_o7ba.oxXthQ--~B/Zmk9c3RyaW07aD0zODg7cT05NTt3PTcyMDthcHB
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/mzPB3eeJrxJuAn9uOhK0cA--~B/Zmk9c3RyaW07aD0xNDA7cT05MDt3PTE0MDthcHB
|
unknown
|
||
|
https://s.yimg.com/aaq/nel/js/spotIm.custom.SpotIMJAC.modal.9d3270fa67932556c75baaed2c09c955.js
|
unknown
|
||
|
https://d.impactradius-event.com
|
unknown
|
||
|
https://s.yimg.com/aaq/hc/homepage-pwa-defer-1.1.6.js
|
unknown
|
||
|
https://start.microsoftapp.net/start?pc_campaign=UHF_Banner_15mkts&adjust=y9xgnyl_5sblqid"
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/2kRwuXH6fvmgKfpoQCf56g--~B/Zmk9c3RyaW07aD0xNDA7cT05MDt3PTE0MDthcHB
|
unknown
|
||
|
https://onedrive.live.com/about/de-ch/
|
unknown
|
||
|
https://s.yimg.com/aaq/vzm/cs_1.4.0.js
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/c3dObtZQiIqjZKMWzeYQcw--~B/Zmk9c3RyaW07aD0yNDY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://lpcdn.lpsnmedia.net
|
unknown
|
||
|
http://www.yahoo.com/
|
87.248.100.215
|
||
|
https://www.youtube.com/user/MicrosoftCH
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://schema.org
|
unknown
|
||
|
https://s.yimg.com/uc/sf/0.1.322/js/safe.min.js
|
unknown
|
||
|
https://mem.gfx.ms
|
unknown
|
||
|
https://www.yahoo.com/
|
87.248.100.215
|
||
|
https://s.yimg.com/uu/api/res/1.2/5BZN9wyvjM8FfgniQrH0uw--~B/Zmk9c3RyaW07aD0yNDY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://aka.ms/yourcaliforniaprivacychoices
|
unknown
|
||
|
https://www.yahoo.com/px.gif
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/6DI2hkBaEy3aroPxqBStjQ--~B/Zmk9c3RyaW07aD0yNDY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://twitter.com/microsoft_ch
|
unknown
|
||
|
https://5.ras.yahoo.com/adcount%7C2.0%7C5113.1%7C4830441%7C0%7C225%7CAdId=11101911;BnId=2;ct=1864049
|
unknown
|
||
|
https://s.yimg.com/aaq/wf/wf-core-1.63.0.js
|
unknown
|
||
|
https://sb.scorecardresearch.com/p?c1=2&c2=7241469&c5=2023538075&c7=https%3A%2F%2Fwww.yahoo.com%2F&c
|
unknown
|
||
|
https://accdn.lpsnmedia.net
|
unknown
|
||
|
https://www.linkedin.com/company/1035
|
unknown
|
||
|
https://www.xbox.com/
|
unknown
|
||
|
http://schema.org/Organization
|
unknown
|
||
|
https://s.yimg.com/nn/lib/metro/g/myy/advertisement_0.0.19.js
|
unknown
|
||
|
https://yep.video.yahoo.com/oath/js/1/oath-player.js?ypv=8.5.43&lang=en-US
|
unknown
|
||
|
https://openweb.jac.yahoosandbox.com/1.5.0/jac.js
|
unknown
|
There are 54 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
new-fp-shed.wg1.b.yahoo.com
|
87.248.100.215
|
||
|
yahoo.com
|
54.161.105.65
|
||
|
windowsupdatebg.s.llnwi.net
|
178.79.225.128
|
||
|
www.yahoo.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
2.82.8.80
|
unknown
|
Portugal
|
|
|
|
70.160.67.203
|
unknown
|
United States
|
|
|
|
75.143.236.149
|
unknown
|
United States
|
|
|
|
83.110.223.61
|
unknown
|
United Arab Emirates
|
|
|
|
86.195.14.72
|
unknown
|
France
|
|
|
|
27.253.11.10
|
unknown
|
Australia
|
|
|
|
184.182.66.109
|
unknown
|
United States
|
|
|
|
80.167.196.79
|
unknown
|
Denmark
|
|
|
|
92.186.69.229
|
unknown
|
France
|
|
|
|
89.32.156.5
|
unknown
|
Italy
|
|
|
|
174.4.89.3
|
unknown
|
Canada
|
|
|
|
161.142.103.187
|
unknown
|
Malaysia
|
|
|
|
213.64.33.92
|
unknown
|
Sweden
|
|
|
|
24.234.220.88
|
unknown
|
United States
|
|
|
|
14.192.241.76
|
unknown
|
Malaysia
|
|
|
|
125.63.125.205
|
unknown
|
India
|
|
|
|
173.88.135.179
|
unknown
|
United States
|
|
|
|
72.205.104.134
|
unknown
|
United States
|
|
|
|
69.160.121.6
|
unknown
|
Jamaica
|
|
|
|
47.34.30.133
|
unknown
|
United States
|
|
|
|
183.87.163.165
|
unknown
|
India
|
|
|
|
70.49.205.198
|
unknown
|
Canada
|
|
|
|
184.181.75.148
|
unknown
|
United States
|
|
|
|
84.35.26.14
|
unknown
|
Netherlands
|
|
|
|
100.4.163.158
|
unknown
|
United States
|
|
|
|
103.141.50.43
|
unknown
|
India
|
|
|
|
70.50.83.216
|
unknown
|
Canada
|
|
|
|
165.120.169.171
|
unknown
|
United States
|
|
|
|
79.92.15.6
|
unknown
|
France
|
|
|
|
68.203.69.96
|
unknown
|
United States
|
|
|
|
64.121.161.102
|
unknown
|
United States
|
|
|
|
96.56.197.26
|
unknown
|
United States
|
|
|
|
178.175.187.254
|
unknown
|
Moldova Republic of
|
|
|
|
188.28.19.84
|
unknown
|
United Kingdom
|
|
|
|
186.64.67.30
|
unknown
|
Argentina
|
|
|
|
98.187.21.2
|
unknown
|
United States
|
|
|
|
76.86.31.59
|
unknown
|
United States
|
|
|
|
96.87.28.170
|
unknown
|
United States
|
|
|
|
75.109.111.89
|
unknown
|
United States
|
|
|
|
88.126.94.4
|
unknown
|
France
|
|
|
|
103.101.203.177
|
unknown
|
Singapore
|
|
|
|
117.195.16.105
|
unknown
|
India
|
|
|
|
94.204.202.106
|
unknown
|
United Arab Emirates
|
|
|
|
47.205.25.170
|
unknown
|
United States
|
|
|
|
95.45.50.93
|
unknown
|
Ireland
|
|
|
|
80.12.88.148
|
unknown
|
France
|
|
|
|
98.37.25.99
|
unknown
|
United States
|
|
|
|
5.107.153.132
|
unknown
|
United Arab Emirates
|
|
|
|
81.111.108.123
|
unknown
|
United Kingdom
|
|
|
|
69.133.162.35
|
unknown
|
United States
|
|
|
|
205.237.67.69
|
unknown
|
Canada
|
|
|
|
201.143.215.69
|
unknown
|
Mexico
|
|
|
|
76.178.148.107
|
unknown
|
United States
|
|
|
|
69.242.31.249
|
unknown
|
United States
|
|
|
|
85.104.105.67
|
unknown
|
Turkey
|
|
|
|
201.244.108.183
|
unknown
|
Colombia
|
|
|
|
2.49.63.160
|
unknown
|
United Arab Emirates
|
|
|
|
80.6.50.34
|
unknown
|
United Kingdom
|
|
|
|
116.74.163.130
|
unknown
|
India
|
|
|
|
116.120.145.170
|
unknown
|
Korea Republic of
|
|
|
|
27.0.48.233
|
unknown
|
India
|
|
|
|
70.28.50.223
|
unknown
|
Canada
|
|
|
|
98.145.23.67
|
unknown
|
United States
|
|
|
|
47.149.134.231
|
unknown
|
United States
|
|
|
|
82.125.44.236
|
unknown
|
France
|
|
|
|
90.7.72.46
|
unknown
|
France
|
|
|
|
81.229.117.95
|
unknown
|
Sweden
|
|
|
|
46.246.254.242
|
unknown
|
Greece
|
|
|
|
45.243.142.31
|
unknown
|
Egypt
|
|
|
|
70.64.77.115
|
unknown
|
Canada
|
|
|
|
89.129.109.27
|
unknown
|
Spain
|
|
|
|
79.77.142.22
|
unknown
|
United Kingdom
|
|
|
|
122.184.143.86
|
unknown
|
India
|
|
|
|
50.68.186.195
|
unknown
|
Canada
|
|
|
|
213.55.33.103
|
unknown
|
France
|
|
|
|
45.62.70.33
|
unknown
|
Canada
|
|
|
|
83.249.198.100
|
unknown
|
Sweden
|
|
|
|
12.172.173.82
|
unknown
|
United States
|
|
|
|
47.199.241.39
|
unknown
|
United States
|
|
|
|
79.168.224.165
|
unknown
|
Portugal
|
|
|
|
199.27.66.213
|
unknown
|
United States
|
|
|
|
176.142.207.63
|
unknown
|
France
|
|
|
|
86.176.83.44
|
unknown
|
United Kingdom
|
|
|
|
92.154.17.149
|
unknown
|
France
|
|
|
|
90.29.86.138
|
unknown
|
France
|
|
|
|
223.166.13.95
|
unknown
|
China
|
|
|
|
58.186.75.42
|
unknown
|
Viet Nam
|
|
|
|
65.95.141.84
|
unknown
|
Canada
|
|
|
|
50.68.204.71
|
unknown
|
Canada
|
|
|
|
71.38.155.217
|
unknown
|
United States
|
|
|
|
77.126.99.230
|
unknown
|
Israel
|
|
|
|
220.240.164.182
|
unknown
|
Australia
|
|
|
|
103.123.223.133
|
unknown
|
India
|
|
|
|
2.36.64.159
|
unknown
|
Italy
|
|
|
|
198.2.51.242
|
unknown
|
United States
|
|
|
|
93.147.235.8
|
unknown
|
Italy
|
|
|
|
92.9.45.20
|
unknown
|
United Kingdom
|
|
|
|
54.161.105.65
|
yahoo.com
|
United States
|
||
|
87.248.100.215
|
new-fp-shed.wg1.b.yahoo.com
|
United Kingdom
|
||
|
192.168.2.1
|
unknown
|
unknown
|
There are 90 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHivePermissionsCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHiveOwnerCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiOverridePath
|
||
|
\REGISTRY\A\{773982ad-9edc-b2b9-b47e-22509337c710}\Root\InventoryApplicationFile
|
WritePermissionsCheck
|
||
|
\REGISTRY\A\{773982ad-9edc-b2b9-b47e-22509337c710}\Root\InventoryApplicationFile
|
ProviderSyncId
|
||
|
\REGISTRY\A\{773982ad-9edc-b2b9-b47e-22509337c710}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProgramId
|
||
|
\REGISTRY\A\{773982ad-9edc-b2b9-b47e-22509337c710}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
FileId
|
||
|
\REGISTRY\A\{773982ad-9edc-b2b9-b47e-22509337c710}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{773982ad-9edc-b2b9-b47e-22509337c710}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LongPathHash
|
||
|
\REGISTRY\A\{773982ad-9edc-b2b9-b47e-22509337c710}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Name
|
||
|
\REGISTRY\A\{773982ad-9edc-b2b9-b47e-22509337c710}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Publisher
|
||
|
\REGISTRY\A\{773982ad-9edc-b2b9-b47e-22509337c710}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Version
|
||
|
\REGISTRY\A\{773982ad-9edc-b2b9-b47e-22509337c710}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinFileVersion
|
||
|
\REGISTRY\A\{773982ad-9edc-b2b9-b47e-22509337c710}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinaryType
|
||
|
\REGISTRY\A\{773982ad-9edc-b2b9-b47e-22509337c710}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductName
|
||
|
\REGISTRY\A\{773982ad-9edc-b2b9-b47e-22509337c710}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductVersion
|
||
|
\REGISTRY\A\{773982ad-9edc-b2b9-b47e-22509337c710}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LinkDate
|
||
|
\REGISTRY\A\{773982ad-9edc-b2b9-b47e-22509337c710}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinProductVersion
|
||
|
\REGISTRY\A\{773982ad-9edc-b2b9-b47e-22509337c710}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Size
|
||
|
\REGISTRY\A\{773982ad-9edc-b2b9-b47e-22509337c710}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Language
|
||
|
\REGISTRY\A\{773982ad-9edc-b2b9-b47e-22509337c710}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsPeFile
|
||
|
\REGISTRY\A\{773982ad-9edc-b2b9-b47e-22509337c710}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsOsComponent
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
00184008C5A0EBAC
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
00184008C5A0EBAC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tqvpjiirdeeuu
|
91499fe5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tqvpjiirdeeuu
|
a4d64fab
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tqvpjiirdeeuu
|
a6976fd7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tqvpjiirdeeuu
|
1e2b08b2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tqvpjiirdeeuu
|
63234738
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tqvpjiirdeeuu
|
db9f205d
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tqvpjiirdeeuu
|
1c6a28ce
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tqvpjiirdeeuu
|
ee00f013
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tqvpjiirdeeuu
|
39017712
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tqvpjiirdeeuu
|
23ce9f35
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tqvpjiirdeeuu
|
317b30db
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tqvpjiirdeeuu
|
4c737f51
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tqvpjiirdeeuu
|
91499fe5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tqvpjiirdeeuu
|
91499fe5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tqvpjiirdeeuu
|
91499fe5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Tqvpjiirdeeuu
|
91499fe5
|
There are 41 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2C4A000
|
heap
|
page read and write
|
|
|
|
4870000
|
heap
|
page read and write
|
|
|
|
4582000
|
heap
|
page read and write
|
||
|
5DDF000
|
heap
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
5D3C000
|
heap
|
page read and write
|
||
|
55E0000
|
trusted library allocation
|
page read and write
|
||
|
2F4C000
|
stack
|
page read and write
|
||
|
55E0000
|
trusted library allocation
|
page read and write
|
||
|
2CDF000
|
stack
|
page read and write
|
||
|
5828000
|
heap
|
page read and write
|
||
|
1A3314BE000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
E6F000
|
stack
|
page read and write
|
||
|
1A331472000
|
heap
|
page read and write
|
||
|
5F14000
|
heap
|
page read and write
|
||
|
55E0000
|
trusted library allocation
|
page read and write
|
||
|
5D4C000
|
heap
|
page read and write
|
||
|
2F0C000
|
stack
|
page read and write
|
||
|
9BB000
|
heap
|
page read and write
|
||
|
297C000
|
stack
|
page read and write
|
||
|
64F4000
|
heap
|
page read and write
|
||
|
5DBD000
|
heap
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
422F000
|
stack
|
page read and write
|
||
|
6050000
|
heap
|
page read and write
|
||
|
6F0B000
|
heap
|
page read and write
|
||
|
5D48000
|
heap
|
page read and write
|
||
|
5D3C000
|
heap
|
page read and write
|
||
|
4582000
|
heap
|
page read and write
|
||
|
4FC000
|
stack
|
page read and write
|
||
|
7F4000
|
heap
|
page read and write
|
||
|
48EF000
|
heap
|
page read and write
|
||
|
4582000
|
heap
|
page read and write
|
||
|
5DBD000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
55E0000
|
trusted library allocation
|
page read and write
|
||
|
1A331900000
|
heap
|
page read and write
|
||
|
5DEB000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
69F1000
|
unkown
|
page read and write
|
||
|
29DF000
|
stack
|
page read and write
|
||
|
5D48000
|
heap
|
page read and write
|
||
|
26D0000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
2D4F000
|
stack
|
page read and write
|
||
|
6074000
|
heap
|
page read and write
|
||
|
5DDF000
|
heap
|
page read and write
|
||
|
5721000
|
heap
|
page read and write
|
||
|
290C000
|
stack
|
page read and write
|
||
|
85B77F9000
|
stack
|
page read and write
|
||
|
4582000
|
heap
|
page read and write
|
||
|
6A08000
|
heap
|
page read and write
|
||
|
4640000
|
heap
|
page read and write
|
||
|
457A000
|
heap
|
page read and write
|
||
|
1A331472000
|
heap
|
page read and write
|
||
|
6074000
|
heap
|
page read and write
|
||
|
3310000
|
heap
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
67E000
|
stack
|
page read and write
|
||
|
1A33142F000
|
heap
|
page read and write
|
||
|
1A331813000
|
heap
|
page read and write
|
||
|
10094000
|
unkown
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
294B000
|
stack
|
page read and write
|
||
|
457A000
|
heap
|
page read and write
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
332D000
|
heap
|
page read and write
|
||
|
38C000
|
stack
|
page read and write
|
||
|
5DED000
|
heap
|
page read and write
|
||
|
293A000
|
heap
|
page read and write
|
||
|
1A331913000
|
heap
|
page read and write
|
||
|
354E000
|
stack
|
page read and write
|
||
|
85B6FED000
|
stack
|
page read and write
|
||
|
1A331380000
|
heap
|
page read and write
|
||
|
10092000
|
unkown
|
page write copy
|
||
|
5DBD000
|
heap
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
93E000
|
stack
|
page read and write
|
||
|
1A331483000
|
heap
|
page read and write
|
||
|
323C000
|
stack
|
page read and write
|
||
|
55E0000
|
trusted library allocation
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
6074000
|
heap
|
page read and write
|
||
|
29C2000
|
direct allocation
|
page readonly
|
||
|
890000
|
heap
|
page read and write
|
||
|
4582000
|
heap
|
page read and write
|
||
|
4582000
|
heap
|
page read and write
|
||
|
72E000
|
stack
|
page read and write
|
||
|
77CE000
|
heap
|
page read and write
|
||
|
72B2000
|
heap
|
page read and write
|
||
|
5D48000
|
heap
|
page read and write
|
||
|
10095000
|
unkown
|
page readonly
|
||
|
5D4C000
|
heap
|
page read and write
|
||
|
5DED000
|
heap
|
page read and write
|
||
|
4582000
|
heap
|
page read and write
|
||
|
1A331430000
|
heap
|
page read and write
|
||
|
1BB000
|
stack
|
page read and write
|
||
|
7F4000
|
heap
|
page read and write
|
||
|
5DED000
|
heap
|
page read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
1A331437000
|
heap
|
page read and write
|
||
|
45A1000
|
heap
|
page read and write
|
||
|
6050000
|
heap
|
page read and write
|
||
|
5DED000
|
heap
|
page read and write
|
||
|
69FA000
|
heap
|
page read and write
|
||
|
350D000
|
stack
|
page read and write
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
29A1000
|
direct allocation
|
page execute read
|
||
|
1006A000
|
unkown
|
page readonly
|
||
|
1A331515000
|
trusted library allocation
|
page read and write
|
||
|
5DDF000
|
heap
|
page read and write
|
||
|
5D3C000
|
heap
|
page read and write
|
||
|
6BE000
|
unkown
|
page read and write
|
||
|
5DED000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
63E000
|
unkown
|
page read and write
|
||
|
9C6000
|
heap
|
page read and write
|
||
|
5721000
|
heap
|
page read and write
|
||
|
10094000
|
unkown
|
page read and write
|
||
|
4582000
|
heap
|
page read and write
|
||
|
641000
|
stack
|
page read and write
|
||
|
5DBC000
|
heap
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
652A000
|
heap
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
29BF000
|
direct allocation
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
750000
|
heap
|
page read and write
|
||
|
5DDF000
|
heap
|
page read and write
|
||
|
5721000
|
heap
|
page read and write
|
||
|
10095000
|
unkown
|
page readonly
|
||
|
CAF000
|
stack
|
page read and write
|
||
|
6DA000
|
heap
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
10092000
|
unkown
|
page write copy
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
7F4000
|
heap
|
page read and write
|
||
|
1A331310000
|
heap
|
page read and write
|
||
|
3317000
|
heap
|
page read and write
|
||
|
2990000
|
heap
|
page read and write
|
||
|
35CA000
|
heap
|
page read and write
|
||
|
54C000
|
stack
|
page read and write
|
||
|
5D3C000
|
heap
|
page read and write
|
||
|
87F000
|
stack
|
page read and write
|
||
|
5D3C000
|
heap
|
page read and write
|
||
|
1A331523000
|
heap
|
page read and write
|
||
|
46C0000
|
heap
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
1A331438000
|
heap
|
page read and write
|
||
|
10092000
|
unkown
|
page write copy
|
||
|
55E0000
|
trusted library allocation
|
page read and write
|
||
|
1A3314BE000
|
heap
|
page read and write
|
||
|
6050000
|
heap
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
5D48000
|
heap
|
page read and write
|
||
|
7A1000
|
stack
|
page read and write
|
||
|
2930000
|
heap
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
69F2000
|
heap
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
10092000
|
unkown
|
page write copy
|
||
|
641000
|
stack
|
page read and write
|
||
|
4810000
|
trusted library allocation
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
5D48000
|
heap
|
page read and write
|
||
|
35C0000
|
heap
|
page read and write
|
||
|
4582000
|
heap
|
page read and write
|
||
|
29BA000
|
direct allocation
|
page readonly
|
||
|
72B8000
|
heap
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
457A000
|
heap
|
page read and write
|
||
|
1A331500000
|
trusted library allocation
|
page read and write
|
||
|
28F0000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
4582000
|
heap
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
10094000
|
unkown
|
page read and write
|
||
|
5DED000
|
heap
|
page read and write
|
||
|
456F000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
5D4C000
|
heap
|
page read and write
|
||
|
5DED000
|
heap
|
page read and write
|
||
|
6074000
|
heap
|
page read and write
|
||
|
34D000
|
stack
|
page read and write
|
||
|
2A2A000
|
heap
|
page read and write
|
||
|
5721000
|
heap
|
page read and write
|
||
|
6050000
|
heap
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
1006A000
|
unkown
|
page readonly
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
5DED000
|
heap
|
page read and write
|
||
|
110000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
2981000
|
stack
|
page read and write
|
||
|
457A000
|
heap
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
1A331472000
|
heap
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
457A000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
1A331502000
|
trusted library allocation
|
page read and write
|
||
|
95E000
|
stack
|
page read and write
|
||
|
53B000
|
stack
|
page read and write
|
||
|
4514000
|
heap
|
page read and write
|
||
|
5D48000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
1A331400000
|
unkown
|
page read and write
|
||
|
55E0000
|
trusted library allocation
|
page read and write
|
||
|
717000
|
heap
|
page read and write
|
||
|
35AE000
|
stack
|
page read and write
|
||
|
5FF000
|
stack
|
page read and write
|
||
|
4582000
|
heap
|
page read and write
|
||
|
5D3C000
|
heap
|
page read and write
|
||
|
1006A000
|
unkown
|
page readonly
|
||
|
5D4C000
|
heap
|
page read and write
|
||
|
55E0000
|
trusted library allocation
|
page read and write
|
||
|
10094000
|
unkown
|
page read and write
|
||
|
6074000
|
heap
|
page read and write
|
||
|
6050000
|
heap
|
page read and write
|
||
|
6FE000
|
stack
|
page read and write
|
||
|
6074000
|
heap
|
page read and write
|
||
|
4582000
|
heap
|
page read and write
|
||
|
5DEB000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
1A331483000
|
heap
|
page read and write
|
||
|
470F000
|
stack
|
page read and write
|
||
|
10092000
|
unkown
|
page write copy
|
||
|
5D48000
|
heap
|
page read and write
|
||
|
4582000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
5DDF000
|
heap
|
page read and write
|
||
|
1006A000
|
unkown
|
page readonly
|
||
|
6AC000
|
stack
|
page read and write
|
||
|
6B63000
|
heap
|
page read and write
|
||
|
34CF000
|
stack
|
page read and write
|
||
|
1006A000
|
unkown
|
page readonly
|
||
|
2D4F000
|
stack
|
page read and write
|
||
|
85B76F9000
|
stack
|
page read and write
|
||
|
1A331431000
|
heap
|
page read and write
|
||
|
5D48000
|
heap
|
page read and write
|
||
|
29A0000
|
direct allocation
|
page read and write
|
||
|
2A1E000
|
stack
|
page read and write
|
||
|
83E000
|
stack
|
page read and write
|
||
|
28FA000
|
heap
|
page read and write
|
||
|
457A000
|
heap
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
5D3C000
|
heap
|
page read and write
|
||
|
327B000
|
stack
|
page read and write
|
||
|
10092000
|
unkown
|
page write copy
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
2C3E000
|
stack
|
page read and write
|
||
|
4D9E000
|
stack
|
page read and write
|
||
|
348E000
|
stack
|
page read and write
|
||
|
10095000
|
unkown
|
page readonly
|
||
|
10095000
|
unkown
|
page readonly
|
||
|
462E000
|
stack
|
page read and write
|
||
|
5721000
|
heap
|
page read and write
|
||
|
4711000
|
heap
|
page read and write
|
||
|
1A331483000
|
heap
|
page read and write
|
||
|
1006A000
|
unkown
|
page readonly
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
4710000
|
heap
|
page read and write
|
||
|
6050000
|
heap
|
page read and write
|
||
|
2A5A000
|
heap
|
page read and write
|
||
|
5D4C000
|
heap
|
page read and write
|
||
|
5DEB000
|
heap
|
page read and write
|
||
|
6050000
|
heap
|
page read and write
|
||
|
6074000
|
heap
|
page read and write
|
||
|
468F000
|
stack
|
page read and write
|
||
|
4DC0000
|
heap
|
page read and write
|
||
|
48EF000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
5DDF000
|
heap
|
page read and write
|
||
|
85B78FB000
|
stack
|
page read and write
|
||
|
7F4000
|
heap
|
page read and write
|
||
|
1A331428000
|
heap
|
page read and write
|
||
|
44F1000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
71F9000
|
heap
|
page read and write
|
||
|
5DEB000
|
heap
|
page read and write
|
||
|
4DC000
|
stack
|
page read and write
|
||
|
5DEB000
|
heap
|
page read and write
|
||
|
85B7379000
|
stack
|
page read and write
|
||
|
3306000
|
heap
|
page read and write
|
||
|
6050000
|
heap
|
page read and write
|
||
|
2FEE000
|
stack
|
page read and write
|
||
|
4893000
|
heap
|
page read and write
|
||
|
5D48000
|
heap
|
page read and write
|
||
|
1A331438000
|
heap
|
page read and write
|
||
|
10095000
|
unkown
|
page readonly
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
5DEB000
|
heap
|
page read and write
|
||
|
5DBD000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
880000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
770000
|
heap
|
page read and write
|
||
|
5DBD000
|
heap
|
page read and write
|
||
|
7F4000
|
heap
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
59E000
|
stack
|
page read and write
|
||
|
675000
|
heap
|
page read and write
|
||
|
4582000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
4582000
|
heap
|
page read and write
|
||
|
5DEB000
|
heap
|
page read and write
|
||
|
10095000
|
unkown
|
page readonly
|
||
|
10095000
|
unkown
|
page readonly
|
||
|
7707000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
5D4C000
|
heap
|
page read and write
|
||
|
6074000
|
heap
|
page read and write
|
||
|
1A33140D000
|
unkown
|
page read and write
|
||
|
55E0000
|
trusted library allocation
|
page read and write
|
||
|
5DBD000
|
heap
|
page read and write
|
||
|
42A0000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
65B6000
|
heap
|
page read and write
|
||
|
10094000
|
unkown
|
page read and write
|
||
|
1A331800000
|
heap
|
page read and write
|
||
|
4582000
|
heap
|
page read and write
|
||
|
5DED000
|
heap
|
page read and write
|
||
|
63C000
|
stack
|
page read and write
|
||
|
5DBD000
|
heap
|
page read and write
|
||
|
5721000
|
heap
|
page read and write
|
||
|
457A000
|
heap
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
6F00000
|
heap
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
457A000
|
heap
|
page read and write
|
||
|
9DE000
|
stack
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
1006A000
|
unkown
|
page readonly
|
||
|
64F6000
|
heap
|
page read and write
|
||
|
7F4000
|
heap
|
page read and write
|
||
|
4D0F000
|
stack
|
page read and write
|
||
|
10092000
|
unkown
|
page write copy
|
||
|
880000
|
direct allocation
|
page execute read
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
5D3C000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
10094000
|
unkown
|
page read and write
|
||
|
5DDF000
|
heap
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
4582000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
63C000
|
stack
|
page read and write
|
||
|
344E000
|
stack
|
page read and write
|
||
|
2DDA000
|
heap
|
page read and write
|
||
|
1A331902000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
2C87000
|
heap
|
page read and write
|
||
|
9D7000
|
heap
|
page read and write
|
||
|
6EB000
|
stack
|
page read and write
|
||
|
1A331902000
|
heap
|
page read and write
|
||
|
17C000
|
stack
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
1A331413000
|
unkown
|
page read and write
|
||
|
55E0000
|
trusted library allocation
|
page read and write
|
||
|
6074000
|
heap
|
page read and write
|
||
|
1A331320000
|
trusted library allocation
|
page read and write
|
||
|
1A331472000
|
heap
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
4800000
|
heap
|
page read and write
|
||
|
5DEB000
|
heap
|
page read and write
|
||
|
4521000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
40AF000
|
stack
|
page read and write
|
||
|
5D3C000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
470000
|
heap
|
page read and write
|
||
|
5D4C000
|
heap
|
page read and write
|
||
|
83F000
|
stack
|
page read and write
|
||
|
44B0000
|
heap
|
page read and write
|
||
|
6050000
|
heap
|
page read and write
|
||
|
7F4000
|
heap
|
page read and write
|
||
|
5EDC000
|
heap
|
page read and write
|
||
|
5DDF000
|
heap
|
page read and write
|
||
|
A1F000
|
stack
|
page read and write
|
||
|
1006A000
|
unkown
|
page readonly
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
79C000
|
stack
|
page read and write
|
||
|
87F000
|
stack
|
page read and write
|
||
|
A96000
|
heap
|
page read and write
|
||
|
51B000
|
stack
|
page read and write
|
||
|
10094000
|
unkown
|
page read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
2910000
|
heap
|
page read and write
|
||
|
91F000
|
stack
|
page read and write
|
||
|
4582000
|
heap
|
page read and write
|
||
|
2E3A000
|
heap
|
page read and write
|
||
|
9CE000
|
heap
|
page read and write
|
||
|
5D4C000
|
heap
|
page read and write
|
||
|
5DBD000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
5030000
|
heap
|
page read and write
|
||
|
457A000
|
heap
|
page read and write
|
||
|
4520000
|
heap
|
page read and write
|
||
|
6F0A000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
7F4000
|
heap
|
page read and write
|
||
|
10092000
|
unkown
|
page write copy
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
3380000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
5D4C000
|
heap
|
page read and write
|
||
|
99F000
|
stack
|
page read and write
|
||
|
8FC000
|
stack
|
page read and write
|
||
|
4582000
|
heap
|
page read and write
|
||
|
2C9E000
|
stack
|
page read and write
|
||
|
69F1000
|
heap
|
page read and write
|
||
|
1A331802000
|
heap
|
page read and write
|
||
|
97E000
|
stack
|
page read and write
|
||
|
4ECF000
|
stack
|
page read and write
|
||
|
1A331913000
|
heap
|
page read and write
|
||
|
10094000
|
unkown
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
83E000
|
stack
|
page read and write
|
||
|
456F000
|
heap
|
page read and write
|
||
|
55E0000
|
trusted library allocation
|
page read and write
|
||
|
10095000
|
unkown
|
page readonly
|
||
|
83F000
|
stack
|
page read and write
|
There are 426 hidden memdumps, click here to show them.