Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
distantly.dat.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_419b281e7a1c62a2cfa3b86aa4ad63773747ea5_82810a17_049a2e9e\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_419b281e7a1c62a2cfa3b86aa4ad63773747ea5_82810a17_090e2e40\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_419b281e7a1c62a2cfa3b86aa4ad63773747ea5_82810a17_1cb63c98\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_f72750b22a9214184114f6be25e810eecaece948_82810a17_1d6e3d44\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1549.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Jun 2 11:10:09 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1568.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Jun 2 11:10:09 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER16D1.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1720.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER176E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER178E.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER367D.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Jun 2 11:10:18 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3768.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Jun 2 11:10:18 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3814.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3873.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER38FF.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER392F.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\G00CXZJV.htm
|
HTML document, ASCII text, with very long lines (64945)
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 10 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\distantly.dat.dll"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\distantly.dat.dll",#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\distantly.dat.dll,lcopy_block_row
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\distantly.dat.dll",#1
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 672
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 652
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\distantly.dat.dll,lcopy_sample_rows
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\distantly.dat.dll,ldiv_round_up
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\distantly.dat.dll",lcopy_block_row
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\distantly.dat.dll",lcopy_sample_rows
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\distantly.dat.dll",ldiv_round_up
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\distantly.dat.dll",next
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\distantly.dat.dll",lround_up
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\distantly.dat.dll",lpeg_write_tables
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 652
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 660
|
|
|
|
C:\Windows\SysWOW64\wermgr.exe
|
C:\Windows\SysWOW64\wermgr.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://s.yimg.com/ss/rapid-3.53.38.js
|
unknown
|
||
|
https://s.yimg.com/aaq/vzm/cs_1.4.0.js
|
unknown
|
||
|
https://s.yimg.com/cx/pv/perf-vitals_3.1.0.js
|
unknown
|
||
|
https://s.yimg.com/aaq/spotim/
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/27maLpkTB93XzaI1prBLfg--~B/Zmk9c3RyaW07aD0yNDY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/0ROULHQQc0kxU0JgsNkFew--~B/Zmk9c3RyaW07aD0zODY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://fp-graviton-home-gateway.media.yahoo.com/
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/7mz1gUykvPcUcalzuGE1WQ--~B/Zmk9c3RyaW07aD0yNDY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://openweb.jac.yahoosandbox.com
|
unknown
|
||
|
https://s.yimg.com/uc/sf/0.1.322/js/safe.min.js
|
unknown
|
||
|
https://yahoo.com/
|
74.6.143.25
|
||
|
https://www.yahoo.com/
|
87.248.100.215
|
||
|
https://www.ad.com/?utm_source=yahoo-home&utm_medium=referral&utm_campaign=ad-feedback"
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/nDSzKTzruwlGWD3tTOyQ6Q--~B/Zmk9c3RyaW07aD0zODY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://www.yahoo.com/px.gif
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/WPRptIkensEKSkqnDF0zXQ--~B/Zmk9c3RyaW07aD0yNDY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://search.yahoo.com/search?p=
|
unknown
|
||
|
https://5.ras.yahoo.com/adcount%7C2.0%7C5113.1%7C4830441%7C0%7C225%7CAdId=11101911;BnId=2;ct=2751814
|
unknown
|
||
|
http://schema.org
|
unknown
|
||
|
http://www.opensource.org/licenses/mit-license.php
|
unknown
|
||
|
https://legal.yahoo.com/us/en/yahoo/privacy/adinfo/index.html"
|
unknown
|
||
|
https://s.yimg.com/aaq/wf/wf-core-1.63.0.js
|
unknown
|
||
|
https://sb.scorecardresearch.com/p?c1=2&c2=7241469&c5=2023538075&c7=https%3A%2F%2Fwww.yahoo.com%2F&c
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/DPoM7IMoctMoJZibhnSBMw--~B/Zmk9c3RyaW07aD0zODg7cT05NTt3PTcyMDthcHB
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/DL.jvSKx.esoBzrSPEIwfQ--~B/Zmk9c3RyaW07aD0xNDA7cT05MDt3PTE0MDthcHB
|
unknown
|
||
|
https://5.ras.yahoo.com/adcount%7C2.0%7C5113.1%7C4830424%7C0%7C0%7CAdId=-41;BnId=0;ct=2751814974;st=
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/EtQws8V8gUWi7Lp0u6r4vg--~B/Zmk9c3RyaW07aD0xNDA7cT05MDt3PTE0MDthcHB
|
unknown
|
||
|
https://s.yimg.com/nn/lib/metro/g/myy/advertisement_0.0.19.js
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/mzPB3eeJrxJuAn9uOhK0cA--~B/Zmk9c3RyaW07aD0xNDA7cT05MDt3PTE0MDthcHB
|
unknown
|
||
|
https://s.yimg.com/aaq/nel/js/spotIm.custom.SpotIMJAC.modal.9d3270fa67932556c75baaed2c09c955.js
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/tPwgVkehrxGaI0QqcXUdhg--~B/Zmk9c3RyaW07aD0xMjM7cT05NTt3PTIyMDthcHB
|
unknown
|
||
|
https://yep.video.yahoo.com/oath/js/1/oath-player.js?ypv=8.5.43&lang=en-US
|
unknown
|
||
|
https://s.yimg.com/aaq/hc/homepage-pwa-defer-1.1.6.js
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/uoC01Si3ktPRn2o0u7VdqQ--~B/Zmk9c3RyaW07aD0yNDY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/0Cxuyu407OTaz_.ZyoovkA--~B/Zmk9c3RyaW07aD0xNDA7cT05MDt3PTE0MDthcHB
|
unknown
|
||
|
https://openweb.jac.yahoosandbox.com/1.5.0/jac.js
|
unknown
|
There are 27 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
new-fp-shed.wg1.b.yahoo.com
|
87.248.100.215
|
||
|
yahoo.com
|
74.6.143.25
|
||
|
www.yahoo.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
38.2.18.164
|
unknown
|
United States
|
|
|
|
2.82.8.80
|
unknown
|
Portugal
|
|
|
|
70.160.67.203
|
unknown
|
United States
|
|
|
|
83.110.223.61
|
unknown
|
United Arab Emirates
|
|
|
|
209.171.160.69
|
unknown
|
Canada
|
|
|
|
84.215.202.8
|
unknown
|
Norway
|
|
|
|
184.182.66.109
|
unknown
|
United States
|
|
|
|
200.84.211.255
|
unknown
|
Venezuela
|
|
|
|
125.99.69.178
|
unknown
|
India
|
|
|
|
174.4.89.3
|
unknown
|
Canada
|
|
|
|
121.121.108.120
|
unknown
|
Malaysia
|
|
|
|
161.142.103.187
|
unknown
|
Malaysia
|
|
|
|
213.64.33.92
|
unknown
|
Sweden
|
|
|
|
114.143.176.236
|
unknown
|
India
|
|
|
|
24.234.220.88
|
unknown
|
United States
|
|
|
|
67.70.120.249
|
unknown
|
Canada
|
|
|
|
73.88.173.113
|
unknown
|
United States
|
|
|
|
72.205.104.134
|
unknown
|
United States
|
|
|
|
117.195.17.148
|
unknown
|
India
|
|
|
|
69.160.121.6
|
unknown
|
Jamaica
|
|
|
|
176.133.4.230
|
unknown
|
France
|
|
|
|
183.87.163.165
|
unknown
|
India
|
|
|
|
184.181.75.148
|
unknown
|
United States
|
|
|
|
70.49.205.198
|
unknown
|
Canada
|
|
|
|
87.221.153.182
|
unknown
|
Spain
|
|
|
|
70.50.1.252
|
unknown
|
Canada
|
|
|
|
85.101.239.116
|
unknown
|
Turkey
|
|
|
|
181.4.225.225
|
unknown
|
Argentina
|
|
|
|
100.4.163.158
|
unknown
|
United States
|
|
|
|
103.141.50.43
|
unknown
|
India
|
|
|
|
70.50.83.216
|
unknown
|
Canada
|
|
|
|
92.1.170.110
|
unknown
|
United Kingdom
|
|
|
|
64.121.161.102
|
unknown
|
United States
|
|
|
|
96.56.197.26
|
unknown
|
United States
|
|
|
|
188.28.19.84
|
unknown
|
United Kingdom
|
|
|
|
125.99.76.102
|
unknown
|
India
|
|
|
|
81.101.185.146
|
unknown
|
United Kingdom
|
|
|
|
116.75.63.183
|
unknown
|
India
|
|
|
|
124.246.122.199
|
unknown
|
Singapore
|
|
|
|
147.147.30.126
|
unknown
|
United Kingdom
|
|
|
|
109.130.247.84
|
unknown
|
Belgium
|
|
|
|
75.109.111.89
|
unknown
|
United States
|
|
|
|
88.126.94.4
|
unknown
|
France
|
|
|
|
124.122.47.148
|
unknown
|
Thailand
|
|
|
|
66.241.183.99
|
unknown
|
United States
|
|
|
|
180.151.19.13
|
unknown
|
India
|
|
|
|
94.204.202.106
|
unknown
|
United Arab Emirates
|
|
|
|
47.205.25.170
|
unknown
|
United States
|
|
|
|
95.45.50.93
|
unknown
|
Ireland
|
|
|
|
103.212.19.254
|
unknown
|
India
|
|
|
|
85.61.165.153
|
unknown
|
Spain
|
|
|
|
91.160.70.68
|
unknown
|
France
|
|
|
|
201.143.215.69
|
unknown
|
Mexico
|
|
|
|
184.63.133.131
|
unknown
|
United States
|
|
|
|
203.109.44.236
|
unknown
|
India
|
|
|
|
90.104.151.37
|
unknown
|
France
|
|
|
|
201.244.108.183
|
unknown
|
Colombia
|
|
|
|
2.49.63.160
|
unknown
|
United Arab Emirates
|
|
|
|
103.42.86.42
|
unknown
|
India
|
|
|
|
80.6.50.34
|
unknown
|
United Kingdom
|
|
|
|
175.156.217.7
|
unknown
|
Singapore
|
|
|
|
103.139.242.6
|
unknown
|
India
|
|
|
|
27.0.48.233
|
unknown
|
India
|
|
|
|
70.28.50.223
|
unknown
|
Canada
|
|
|
|
173.17.45.60
|
unknown
|
United States
|
|
|
|
81.229.117.95
|
unknown
|
Sweden
|
|
|
|
70.64.77.115
|
unknown
|
Canada
|
|
|
|
87.252.106.39
|
unknown
|
Italy
|
|
|
|
79.77.142.22
|
unknown
|
United Kingdom
|
|
|
|
98.163.227.79
|
unknown
|
United States
|
|
|
|
93.187.148.45
|
unknown
|
United Kingdom
|
|
|
|
186.75.95.6
|
unknown
|
Panama
|
|
|
|
50.68.186.195
|
unknown
|
Canada
|
|
|
|
45.62.70.33
|
unknown
|
Canada
|
|
|
|
83.249.198.100
|
unknown
|
Sweden
|
|
|
|
12.172.173.82
|
unknown
|
United States
|
|
|
|
47.199.241.39
|
unknown
|
United States
|
|
|
|
79.168.224.165
|
unknown
|
Portugal
|
|
|
|
199.27.66.213
|
unknown
|
United States
|
|
|
|
200.44.198.47
|
unknown
|
Venezuela
|
|
|
|
176.142.207.63
|
unknown
|
France
|
|
|
|
86.173.2.12
|
unknown
|
United Kingdom
|
|
|
|
45.62.75.250
|
unknown
|
Canada
|
|
|
|
92.154.17.149
|
unknown
|
France
|
|
|
|
90.29.86.138
|
unknown
|
France
|
|
|
|
174.58.146.57
|
unknown
|
United States
|
|
|
|
223.166.13.95
|
unknown
|
China
|
|
|
|
5.192.141.228
|
unknown
|
United Arab Emirates
|
|
|
|
65.95.141.84
|
unknown
|
Canada
|
|
|
|
75.98.154.19
|
unknown
|
United States
|
|
|
|
77.126.99.230
|
unknown
|
Israel
|
|
|
|
103.123.223.133
|
unknown
|
India
|
|
|
|
74.12.147.139
|
unknown
|
Canada
|
|
|
|
92.9.45.20
|
unknown
|
United Kingdom
|
|
|
|
113.11.92.30
|
unknown
|
Bangladesh
|
|
|
|
77.86.98.236
|
unknown
|
United Kingdom
|
|
|
|
103.140.174.20
|
unknown
|
India
|
|
|
|
87.248.100.215
|
new-fp-shed.wg1.b.yahoo.com
|
United Kingdom
|
||
|
192.168.2.1
|
unknown
|
unknown
|
||
|
74.6.143.25
|
yahoo.com
|
United States
|
There are 90 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHivePermissionsCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHiveOwnerCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
\REGISTRY\A\{1cf21a67-4b40-04f5-b1ee-d1e1547f68ed}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProgramId
|
||
|
\REGISTRY\A\{1cf21a67-4b40-04f5-b1ee-d1e1547f68ed}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
FileId
|
||
|
\REGISTRY\A\{1cf21a67-4b40-04f5-b1ee-d1e1547f68ed}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{1cf21a67-4b40-04f5-b1ee-d1e1547f68ed}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LongPathHash
|
||
|
\REGISTRY\A\{1cf21a67-4b40-04f5-b1ee-d1e1547f68ed}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Name
|
||
|
\REGISTRY\A\{1cf21a67-4b40-04f5-b1ee-d1e1547f68ed}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Publisher
|
||
|
\REGISTRY\A\{1cf21a67-4b40-04f5-b1ee-d1e1547f68ed}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Version
|
||
|
\REGISTRY\A\{1cf21a67-4b40-04f5-b1ee-d1e1547f68ed}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinFileVersion
|
||
|
\REGISTRY\A\{1cf21a67-4b40-04f5-b1ee-d1e1547f68ed}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinaryType
|
||
|
\REGISTRY\A\{1cf21a67-4b40-04f5-b1ee-d1e1547f68ed}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductName
|
||
|
\REGISTRY\A\{1cf21a67-4b40-04f5-b1ee-d1e1547f68ed}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductVersion
|
||
|
\REGISTRY\A\{1cf21a67-4b40-04f5-b1ee-d1e1547f68ed}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LinkDate
|
||
|
\REGISTRY\A\{1cf21a67-4b40-04f5-b1ee-d1e1547f68ed}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinProductVersion
|
||
|
\REGISTRY\A\{1cf21a67-4b40-04f5-b1ee-d1e1547f68ed}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Size
|
||
|
\REGISTRY\A\{1cf21a67-4b40-04f5-b1ee-d1e1547f68ed}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Language
|
||
|
\REGISTRY\A\{1cf21a67-4b40-04f5-b1ee-d1e1547f68ed}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsPeFile
|
||
|
\REGISTRY\A\{1cf21a67-4b40-04f5-b1ee-d1e1547f68ed}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsOsComponent
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018800A62E5AD0D
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018800A62E5AD0D
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Iayobrqcoid
|
6ff41576
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Iayobrqcoid
|
5a6bc538
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Iayobrqcoid
|
582ae544
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Iayobrqcoid
|
e0968221
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Iayobrqcoid
|
9d9ecdab
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Iayobrqcoid
|
2522aace
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Iayobrqcoid
|
e2d7a25d
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Iayobrqcoid
|
10bd7a80
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Iayobrqcoid
|
6ff41576
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Iayobrqcoid
|
6ff41576
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Iayobrqcoid
|
6ff41576
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Iayobrqcoid
|
6ff41576
|
There are 33 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1090000
|
heap
|
page read and write
|
|
|
|
6AA000
|
heap
|
page read and write
|
|
|
|
120E000
|
stack
|
page read and write
|
||
|
CAF000
|
stack
|
page read and write
|
||
|
4C3C000
|
heap
|
page read and write
|
||
|
6D5D000
|
heap
|
page read and write
|
||
|
21A61D38000
|
heap
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
50E0000
|
trusted library allocation
|
page read and write
|
||
|
4C6D000
|
heap
|
page read and write
|
||
|
3580000
|
heap
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
6D4F000
|
heap
|
page read and write
|
||
|
21A61C30000
|
heap
|
page read and write
|
||
|
21A62C50000
|
trusted library allocation
|
page read and write
|
||
|
6D4F000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
6D5B000
|
heap
|
page read and write
|
||
|
25E3C302000
|
trusted library allocation
|
page read and write
|
||
|
6CAC000
|
heap
|
page read and write
|
||
|
96F000
|
stack
|
page read and write
|
||
|
6D4F000
|
heap
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
F4B000
|
stack
|
page read and write
|
||
|
21A61CF7000
|
heap
|
page read and write
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
71AE000
|
heap
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
6D5D000
|
heap
|
page read and write
|
||
|
90E000
|
stack
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
25E3C300000
|
trusted library allocation
|
page read and write
|
||
|
338E000
|
stack
|
page read and write
|
||
|
6CBC000
|
heap
|
page read and write
|
||
|
3610000
|
heap
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
107B000
|
stack
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
3640000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
25E3C402000
|
heap
|
page read and write
|
||
|
4C6C000
|
heap
|
page read and write
|
||
|
6CBC000
|
heap
|
page read and write
|
||
|
25E3C513000
|
heap
|
page read and write
|
||
|
76BA000
|
heap
|
page read and write
|
||
|
6CBC000
|
heap
|
page read and write
|
||
|
7BBD000
|
heap
|
page read and write
|
||
|
3430000
|
heap
|
page read and write
|
||
|
25E3C400000
|
heap
|
page read and write
|
||
|
6D4F000
|
heap
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
6CB8000
|
heap
|
page read and write
|
||
|
4DC000
|
stack
|
page read and write
|
||
|
4C38000
|
heap
|
page read and write
|
||
|
356A000
|
heap
|
page read and write
|
||
|
6D2D000
|
heap
|
page read and write
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
4C5F000
|
heap
|
page read and write
|
||
|
6CB8000
|
heap
|
page read and write
|
||
|
6794000
|
heap
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
25E3C239000
|
heap
|
page read and write
|
||
|
6D5D000
|
heap
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
E8A000
|
heap
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
21A62C60000
|
heap
|
page readonly
|
||
|
E70000
|
heap
|
page read and write
|
||
|
1326000
|
heap
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
36D0000
|
heap
|
page read and write
|
||
|
6D5D000
|
heap
|
page read and write
|
||
|
25E3C315000
|
trusted library allocation
|
page read and write
|
||
|
6DC0000
|
heap
|
page read and write
|
||
|
123B000
|
stack
|
page read and write
|
||
|
25E3C528000
|
heap
|
page read and write
|
||
|
76B7000
|
heap
|
page read and write
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
4C6A000
|
heap
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
6DC0000
|
heap
|
page read and write
|
||
|
6CAC000
|
heap
|
page read and write
|
||
|
21A61CD0000
|
trusted library allocation
|
page read and write
|
||
|
6DE4000
|
heap
|
page read and write
|
||
|
4F60000
|
heap
|
page read and write
|
||
|
6CAC000
|
heap
|
page read and write
|
||
|
6DC0000
|
heap
|
page read and write
|
||
|
4C6D000
|
heap
|
page read and write
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
21A61CC0000
|
trusted library allocation
|
page read and write
|
||
|
21A61CE9000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
21A61CE5000
|
heap
|
page read and write
|
||
|
21A61BD0000
|
trusted library allocation
|
page read and write
|
||
|
6CAC000
|
heap
|
page read and write
|
||
|
25E3C0E0000
|
heap
|
page read and write
|
||
|
C69D3FE000
|
stack
|
page read and write
|
||
|
21A62C80000
|
trusted library allocation
|
page read and write
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
21A62A00000
|
trusted library allocation
|
page read and write
|
||
|
90E000
|
stack
|
page read and write
|
||
|
6DC0000
|
heap
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
10022000
|
direct allocation
|
page readonly
|
||
|
6D5B000
|
heap
|
page read and write
|
||
|
A9A000
|
heap
|
page read and write
|
||
|
6D2D000
|
heap
|
page read and write
|
||
|
B4C000
|
stack
|
page read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
4C2C000
|
heap
|
page read and write
|
||
|
1001A000
|
direct allocation
|
page readonly
|
||
|
35BA000
|
heap
|
page read and write
|
||
|
6CB8000
|
heap
|
page read and write
|
||
|
17C0000
|
heap
|
page read and write
|
||
|
347F000
|
stack
|
page read and write
|
||
|
21A61D59000
|
heap
|
page read and write
|
||
|
25E3C278000
|
heap
|
page read and write
|
||
|
90E000
|
stack
|
page read and write
|
||
|
25E3C513000
|
heap
|
page read and write
|
||
|
25E3C239000
|
heap
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
EA0000
|
heap
|
page read and write
|
||
|
6DC0000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
9AE000
|
stack
|
page read and write
|
||
|
35C0000
|
heap
|
page read and write
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
1001F000
|
direct allocation
|
page read and write
|
||
|
5B81000
|
heap
|
page read and write
|
||
|
25E3C213000
|
unkown
|
page read and write
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
21A61C50000
|
heap
|
page read and write
|
||
|
21A62A10000
|
trusted library allocation
|
page read and write
|
||
|
25E3C524000
|
heap
|
page read and write
|
||
|
33FE000
|
stack
|
page read and write
|
||
|
36C000
|
stack
|
page read and write
|
||
|
25E3C500000
|
heap
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
25E3C502000
|
heap
|
page read and write
|
||
|
25E3C513000
|
heap
|
page read and write
|
||
|
F61000
|
heap
|
page read and write
|
||
|
6D5B000
|
heap
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
4930000
|
heap
|
page read and write
|
||
|
131B000
|
heap
|
page read and write
|
||
|
110F000
|
heap
|
page read and write
|
||
|
10B3000
|
heap
|
page read and write
|
||
|
76BB000
|
heap
|
page read and write
|
||
|
25E3C200000
|
unkown
|
page read and write
|
||
|
21A61EC0000
|
trusted library allocation
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
94F000
|
stack
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
7A0000
|
direct allocation
|
page execute read
|
||
|
3AB000
|
stack
|
page read and write
|
||
|
3380000
|
heap
|
page read and write
|
||
|
6CB8000
|
heap
|
page read and write
|
||
|
C69D37C000
|
stack
|
page read and write
|
||
|
76BC000
|
heap
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
5E2C000
|
heap
|
page read and write
|
||
|
6D2D000
|
heap
|
page read and write
|
||
|
25E3C228000
|
heap
|
page read and write
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
51B000
|
stack
|
page read and write
|
||
|
4C6D000
|
heap
|
page read and write
|
||
|
6CAC000
|
heap
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
349A000
|
heap
|
page read and write
|
||
|
3560000
|
heap
|
page read and write
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
50E0000
|
trusted library allocation
|
page read and write
|
||
|
6D5B000
|
heap
|
page read and write
|
||
|
25E3C517000
|
heap
|
page read and write
|
||
|
71A7000
|
heap
|
page read and write
|
||
|
3430000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
25E3C278000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
6D4F000
|
heap
|
page read and write
|
||
|
71AA000
|
heap
|
page read and write
|
||
|
76B8000
|
heap
|
page read and write
|
||
|
4C04000
|
heap
|
page read and write
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
6CAC000
|
heap
|
page read and write
|
||
|
6CBC000
|
heap
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
C69D479000
|
stack
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
6CB8000
|
heap
|
page read and write
|
||
|
50E0000
|
trusted library allocation
|
page read and write
|
||
|
25E3C289000
|
heap
|
page read and write
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
F80000
|
heap
|
page read and write
|
||
|
50E0000
|
trusted library allocation
|
page read and write
|
||
|
6CBC000
|
heap
|
page read and write
|
||
|
25E3C413000
|
heap
|
page read and write
|
||
|
9DA000
|
heap
|
page read and write
|
||
|
C69CF0B000
|
stack
|
page read and write
|
||
|
6D5B000
|
heap
|
page read and write
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
21A62CD0000
|
trusted library allocation
|
page read and write
|
||
|
121F000
|
stack
|
page read and write
|
||
|
50E0000
|
trusted library allocation
|
page read and write
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
21A61D40000
|
heap
|
page read and write
|
||
|
6D2D000
|
heap
|
page read and write
|
||
|
ADF000
|
stack
|
page read and write
|
||
|
6D2D000
|
heap
|
page read and write
|
||
|
4C6C000
|
heap
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
6CBC000
|
heap
|
page read and write
|
||
|
50B000
|
stack
|
page read and write
|
||
|
B8B000
|
stack
|
page read and write
|
||
|
25E3C278000
|
heap
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
6D4F000
|
heap
|
page read and write
|
||
|
71A6000
|
heap
|
page read and write
|
||
|
76AD000
|
heap
|
page read and write
|
||
|
21A61D40000
|
heap
|
page read and write
|
||
|
6DE4000
|
heap
|
page read and write
|
||
|
25E3C502000
|
heap
|
page read and write
|
||
|
344F000
|
stack
|
page read and write
|
||
|
110F000
|
heap
|
page read and write
|
||
|
6D4F000
|
heap
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
5E64000
|
heap
|
page read and write
|
||
|
6DC0000
|
heap
|
page read and write
|
||
|
6D5D000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
6D5B000
|
heap
|
page read and write
|
||
|
4BE1000
|
heap
|
page read and write
|
||
|
6D5D000
|
heap
|
page read and write
|
||
|
4FC000
|
stack
|
page read and write
|
||
|
E7E000
|
stack
|
page read and write
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
E0F28F9000
|
stack
|
page read and write
|
||
|
6D2D000
|
heap
|
page read and write
|
||
|
123E000
|
stack
|
page read and write
|
||
|
34D0000
|
heap
|
page read and write
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
107B000
|
stack
|
page read and write
|
||
|
6DE4000
|
heap
|
page read and write
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
25E3C323000
|
heap
|
page read and write
|
||
|
C69D2F9000
|
stack
|
page read and write
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
150F000
|
stack
|
page read and write
|
||
|
6D2C000
|
heap
|
page read and write
|
||
|
25E3C070000
|
heap
|
page read and write
|
||
|
AFA000
|
heap
|
page read and write
|
||
|
6D4F000
|
heap
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
103C000
|
stack
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
103C000
|
stack
|
page read and write
|
||
|
132A000
|
heap
|
page read and write
|
||
|
53B000
|
stack
|
page read and write
|
||
|
21A62C70000
|
trusted library allocation
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
6D5B000
|
heap
|
page read and write
|
||
|
DF0000
|
trusted library allocation
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
6D5B000
|
heap
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
6D4F000
|
heap
|
page read and write
|
||
|
7C4000
|
heap
|
page read and write
|
||
|
123B000
|
stack
|
page read and write
|
||
|
125F000
|
stack
|
page read and write
|
||
|
F61000
|
heap
|
page read and write
|
||
|
33AA000
|
heap
|
page read and write
|
||
|
34D0000
|
heap
|
page read and write
|
||
|
FEC000
|
stack
|
page read and write
|
||
|
25E3C080000
|
trusted library allocation
|
page read and write
|
||
|
66A7000
|
heap
|
page read and write
|
||
|
E5D000
|
heap
|
page read and write
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
21A61CE0000
|
heap
|
page read and write
|
||
|
21A61BC0000
|
heap
|
page read and write
|
||
|
6D2D000
|
heap
|
page read and write
|
||
|
25E3C502000
|
heap
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
3490000
|
heap
|
page read and write
|
||
|
4C6A000
|
heap
|
page read and write
|
||
|
50C0000
|
trusted library allocation
|
page read and write
|
||
|
33EE000
|
stack
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
347F000
|
stack
|
page read and write
|
||
|
71A6000
|
unkown
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
5B81000
|
heap
|
page read and write
|
||
|
5C80000
|
trusted library allocation
|
page read and write
|
||
|
25E3C289000
|
heap
|
page read and write
|
||
|
35CA000
|
heap
|
page read and write
|
||
|
6DE4000
|
heap
|
page read and write
|
||
|
21A61D40000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
C6E000
|
stack
|
page read and write
|
||
|
C69D4FE000
|
stack
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
6CAC000
|
heap
|
page read and write
|
||
|
3370000
|
heap
|
page read and write
|
||
|
10001000
|
direct allocation
|
page execute read
|
||
|
4CC000
|
stack
|
page read and write
|
||
|
50E0000
|
trusted library allocation
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
6DE4000
|
heap
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
71AE000
|
heap
|
page read and write
|
||
|
6D5D000
|
heap
|
page read and write
|
||
|
125E000
|
stack
|
page read and write
|
||
|
35B0000
|
heap
|
page read and write
|
||
|
6DE4000
|
heap
|
page read and write
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
F70000
|
heap
|
page read and write
|
||
|
4C6C000
|
heap
|
page read and write
|
||
|
DAE000
|
stack
|
page read and write
|
||
|
25E3C23A000
|
heap
|
page read and write
|
||
|
4C6C000
|
heap
|
page read and write
|
||
|
6CB8000
|
heap
|
page read and write
|
||
|
6D2D000
|
heap
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
FDC000
|
stack
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
4C10000
|
heap
|
page read and write
|
||
|
D9D000
|
stack
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
21A61CF0000
|
heap
|
page read and write
|
||
|
C9D000
|
stack
|
page read and write
|
||
|
E0F27F9000
|
stack
|
page read and write
|
||
|
50D0000
|
trusted library allocation
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
E0F20BD000
|
stack
|
page read and write
|
||
|
4C5F000
|
heap
|
page read and write
|
||
|
6D5B000
|
heap
|
page read and write
|
||
|
5B91000
|
heap
|
page read and write
|
||
|
6281000
|
heap
|
page read and write
|
||
|
50E0000
|
trusted library allocation
|
page read and write
|
||
|
71A1000
|
heap
|
page read and write
|
||
|
35D0000
|
heap
|
page read and write
|
||
|
F0C000
|
stack
|
page read and write
|
||
|
25E3C502000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
6766000
|
heap
|
page read and write
|
||
|
E4E000
|
stack
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
4C11000
|
heap
|
page read and write
|
||
|
25E3C20F000
|
unkown
|
page read and write
|
||
|
76A0000
|
heap
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
6D5D000
|
heap
|
page read and write
|
||
|
DEF000
|
stack
|
page read and write
|
There are 370 hidden memdumps, click here to show them.