Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
042_qbot.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_419b281e7a1c62a2cfa3b86aa4ad63773747ea5_82810a17_16a6013b\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_419b281e7a1c62a2cfa3b86aa4ad63773747ea5_82810a17_16be0226\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_419b281e7a1c62a2cfa3b86aa4ad63773747ea5_82810a17_1b8a0ff1\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_f72750b22a9214184114f6be25e810eecaece948_82810a17_176a107e\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6C9.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Jun 6 16:57:57 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8EC.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Jun 6 16:57:58 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8ED.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9AA.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAB2.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB7E.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE20B.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Jun 6 16:57:48 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE21B.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Jun 6 16:57:48 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE373.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE383.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE3B3.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE3D2.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ECC4WN1U.htm
|
HTML document, Unicode text, UTF-8 text, with very long lines (1206), with CRLF, LF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 10 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\042_qbot.dll"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\042_qbot.dll",#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\042_qbot.dll,lcopy_block_row
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\042_qbot.dll",#1
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 660
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 652
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\042_qbot.dll,lcopy_sample_rows
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\042_qbot.dll,ldiv_round_up
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\042_qbot.dll",lcopy_block_row
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\042_qbot.dll",lcopy_sample_rows
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\042_qbot.dll",ldiv_round_up
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\042_qbot.dll",next
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\042_qbot.dll",lround_up
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 652
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\042_qbot.dll",lpeg_write_tables
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 652
|
|
|
|
C:\Windows\SysWOW64\wermgr.exe
|
C:\Windows\SysWOW64\wermgr.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.cisco.com/c/en_eg/index.html
|
unknown
|
||
|
https://www.youtube.com/user/cisco
|
unknown
|
||
|
https://www.cisco.com/c/en/us/solutions/service-provider/routed-optical-networking/index.html?ccid=c
|
unknown
|
||
|
https://www.cisco.com/c/ar_ae/index.html
|
unknown
|
||
|
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2023/m05/cisco-launches-program-for-customers-and-p
|
unknown
|
||
|
https://www.cisco.com/c/en_sg/index.html
|
unknown
|
||
|
https://www.cisco.com/c/en_dz/index.html
|
unknown
|
||
|
https://www.cisco.com/c/hu_hu/index.html
|
unknown
|
||
|
https://www.cisco.com/site/in/en/index.html
|
unknown
|
||
|
https://software.cisco.com/download/navigator.html
|
unknown
|
||
|
https://www.cisco.com/c/en/us/about/contact-cisco.html
|
unknown
|
||
|
https://www.schema.org
|
unknown
|
||
|
https://www.cisco.com/c/en/us/partners/connect-with-a-partner.html
|
unknown
|
||
|
https://www.cisco.com/c/en/us/about/sitemap.html
|
unknown
|
||
|
https://www.cisco.com/c/sv_se/index.html
|
unknown
|
||
|
https://www.cisco.com/c/ru_ru/index.html
|
unknown
|
||
|
https://learninglocator.cloudapps.cisco.com/#/home
|
unknown
|
||
|
https://www.cisco.com/c/pl_pl/index.html
|
unknown
|
||
|
https://blogs.cisco.com/security/now-is-the-time-to-step-up-your-security?utm_medium=web-referral&ut
|
unknown
|
||
|
https://www.cisco.com
|
unknown
|
||
|
https://www.cisco.com/c/fr_dz/index.html
|
unknown
|
||
|
https://www.cisco.com/c/de_ch/index.html
|
unknown
|
||
|
http://pdx-col.eum-appdynamics.com
|
unknown
|
||
|
https://www.cisco.com/site/fr/fr/index.html
|
unknown
|
||
|
https://www.cisco.com/c/nl_nl/index.html
|
unknown
|
||
|
https://www.cisco.com/site/au/en/index.html
|
unknown
|
||
|
https://www.cisco.com/c/es_ec/index.html
|
unknown
|
||
|
https://www.cisco.com/c/en/us/about/legal/trademarks.html
|
unknown
|
||
|
https://www.cisco.com/c/en/us/about.html
|
unknown
|
||
|
https://www.cisco.com/c/pt_br/index.html
|
unknown
|
||
|
https://www.cisco.com/c/th_th/index.html
|
unknown
|
||
|
https://www.cisco.com/site/de/de/index.html
|
unknown
|
||
|
https://search.cisco.com/search?query=
|
unknown
|
||
|
http://schema.org/ImageObject
|
unknown
|
||
|
https://www.ciscolive.com/global.html?CID=cdchp&TEAM=global_events&MEDIUM=digital_direct&CAMPAIGN=bt
|
unknown
|
||
|
https://www.cisco.com/c/en_my/index.html
|
unknown
|
||
|
https://www.cisco.com/c/es_es/index.html
|
unknown
|
||
|
https://www.cisco.com/c/it_it/index.html
|
unknown
|
||
|
https://www.cisco.com/c/en_il/index.html
|
unknown
|
||
|
https://www.cisco.com/site/cn/zh/index.html
|
unknown
|
||
|
https://newsroom.cisco.com/c/r/newsroom/en/us/index.html
|
unknown
|
||
|
https://www.cisco.com/c/en_hk/index.html
|
unknown
|
||
|
https://www.cisco.com/c/de_at/index.html
|
unknown
|
||
|
https://www.cisco.com/c/en/us/solutions/enterprise-networks/promotions-free-trials/isr-router-upgrad
|
unknown
|
||
|
https://www.cisco.com/c/es_pa/index.html
|
unknown
|
||
|
https://www.cisco.com/c/da_dk/index.html
|
unknown
|
||
|
https://www.cisco.com/c/ru_ua/index.html
|
unknown
|
||
|
https://www.streamtext.net/player?event=Cisco-TESTING&language=en&controls-words=0&delay=0&title=fal
|
unknown
|
||
|
https://www.instagram.com/cisco/
|
unknown
|
||
|
https://www.cisco.com/c/en/us/about/accessibility.html
|
unknown
|
||
|
https://www.cisco.com/c/es_mx/index.html
|
unknown
|
||
|
https://www.cisco.com/c/fr_be/index.html
|
unknown
|
||
|
https://www.cisco.com/c/tr_tr/index.html
|
unknown
|
||
|
https://ciscocx.qualtrics.com/jfe/form/SV_0Tcp9VU8pUm4lBY?Ref=/c/en/us/index.html
|
unknown
|
||
|
https://www.cisco.com/c/en_ph/index.html
|
unknown
|
||
|
https://www.cisco.com/c/es_ar/index.html
|
unknown
|
||
|
https://www.cisco.com/c/no_no/index.html
|
unknown
|
||
|
https://www.cisco.com/c/es_cr/index.html
|
unknown
|
||
|
https://twitter.com/Cisco/
|
unknown
|
||
|
https://www.cisco.com/c/ar_eg/index.html
|
unknown
|
||
|
https://www.cisco.com/c/ko_kr/index.html
|
unknown
|
||
|
https://www.cisco.com/c/ro_ro/index.html
|
unknown
|
||
|
https://www.cisco.com/site/ca/fr/index.html
|
unknown
|
||
|
https://www.cisco.com/c/nl_be/index.html
|
unknown
|
||
|
https://duo.com/solutions/risk-based-authentication?utm_medium=web-referral&utm_source=cisco#eyJoYXN
|
unknown
|
||
|
https://www.cisco.com/c/es_co/index.html
|
unknown
|
||
|
https://www.cisco.com/c/en/us/about/legal/terms-conditions.html
|
unknown
|
||
|
https://www.cisco.com/c/pt_pt/index.html
|
unknown
|
||
|
https://www.cisco.com/c/en/us/buy.html
|
unknown
|
||
|
https://www.cisco.com/c/uk_ua/index.html
|
unknown
|
||
|
https://cisco.com/
|
72.163.4.185
|
||
|
https://www.cisco.com/c/es_pe/index.html
|
unknown
|
||
|
https://www.cisco.com/c/m/en_us/solutions/hybrid-work/workplace-solutions/penn1-lookbook.html?ccid=c
|
unknown
|
||
|
https://www.cisco.com/c/en/us/training-events/training-certifications.html
|
unknown
|
||
|
https://www.cisco.com/c/cs_cz/index.html
|
unknown
|
||
|
https://www.cisco.com/web/fw/i/logo-open-graph.gif
|
unknown
|
||
|
https://www.cisco.com/c/en/us/about/careers.html
|
unknown
|
||
|
https://www.cisco.com/c/en_za/index.html
|
unknown
|
||
|
https://pdx-col.eum-appdynamics.com
|
unknown
|
||
|
https://community.cisco.com/
|
unknown
|
||
|
https://blogs.cisco.com/networking/it-leaders-contend-with-secure-multicloud-access-the-2023-global-
|
unknown
|
||
|
https://www.cisco.com/c/vi_vn/index.html
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://cdn.appdynamics.com
|
unknown
|
||
|
https://cdn.appdynamics.com
|
unknown
|
||
|
https://www.cisco.com/c/en/us/about/legal/privacy-full.html
|
unknown
|
||
|
https://www.cisco.com/c/en/us/about/help.html
|
unknown
|
||
|
https://www.cisco.com/site/uk/en/index.html
|
unknown
|
||
|
https://www.cisco.com/c/en/us/solutions/design-zone.html
|
unknown
|
||
|
https://www.cisco.com/c/en/us/training-events/events.html
|
unknown
|
||
|
https://www.cisco.com/site/jp/ja/index.html
|
unknown
|
||
|
https://www.cisco.com/c/es_bz/index.html
|
unknown
|
||
|
https://www.cisco.com/c/zh_hk/index.html
|
unknown
|
||
|
https://www.linkedin.com/company/cisco
|
unknown
|
||
|
https://www.cisco.com/
|
unknown
|
||
|
https://www.cisco.com/c/fr_ch/index.html
|
unknown
|
||
|
https://www.cisco.com/site/ca/en/index.html
|
unknown
|
||
|
https://www.cisco.com/c/dam/en_us/about/supply-chain/cisco-modern-slavery-statement.pdf
|
unknown
|
||
|
https://www.cisco.com/c/en_ae/index.html
|
unknown
|
||
|
https://www.cisco.com/c/en_id/index.html
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
cisco.com
|
72.163.4.185
|
||
|
www.cisco.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
38.2.18.164
|
unknown
|
United States
|
|
|
|
2.82.8.80
|
unknown
|
Portugal
|
|
|
|
70.160.67.203
|
unknown
|
United States
|
|
|
|
83.110.223.61
|
unknown
|
United Arab Emirates
|
|
|
|
209.171.160.69
|
unknown
|
Canada
|
|
|
|
84.215.202.8
|
unknown
|
Norway
|
|
|
|
184.182.66.109
|
unknown
|
United States
|
|
|
|
200.84.211.255
|
unknown
|
Venezuela
|
|
|
|
125.99.69.178
|
unknown
|
India
|
|
|
|
174.4.89.3
|
unknown
|
Canada
|
|
|
|
121.121.108.120
|
unknown
|
Malaysia
|
|
|
|
161.142.103.187
|
unknown
|
Malaysia
|
|
|
|
213.64.33.92
|
unknown
|
Sweden
|
|
|
|
114.143.176.236
|
unknown
|
India
|
|
|
|
24.234.220.88
|
unknown
|
United States
|
|
|
|
67.70.120.249
|
unknown
|
Canada
|
|
|
|
73.88.173.113
|
unknown
|
United States
|
|
|
|
72.205.104.134
|
unknown
|
United States
|
|
|
|
117.195.17.148
|
unknown
|
India
|
|
|
|
69.160.121.6
|
unknown
|
Jamaica
|
|
|
|
176.133.4.230
|
unknown
|
France
|
|
|
|
183.87.163.165
|
unknown
|
India
|
|
|
|
184.181.75.148
|
unknown
|
United States
|
|
|
|
70.49.205.198
|
unknown
|
Canada
|
|
|
|
87.221.153.182
|
unknown
|
Spain
|
|
|
|
70.50.1.252
|
unknown
|
Canada
|
|
|
|
85.101.239.116
|
unknown
|
Turkey
|
|
|
|
181.4.225.225
|
unknown
|
Argentina
|
|
|
|
100.4.163.158
|
unknown
|
United States
|
|
|
|
103.141.50.43
|
unknown
|
India
|
|
|
|
70.50.83.216
|
unknown
|
Canada
|
|
|
|
92.1.170.110
|
unknown
|
United Kingdom
|
|
|
|
64.121.161.102
|
unknown
|
United States
|
|
|
|
96.56.197.26
|
unknown
|
United States
|
|
|
|
188.28.19.84
|
unknown
|
United Kingdom
|
|
|
|
125.99.76.102
|
unknown
|
India
|
|
|
|
81.101.185.146
|
unknown
|
United Kingdom
|
|
|
|
116.75.63.183
|
unknown
|
India
|
|
|
|
124.246.122.199
|
unknown
|
Singapore
|
|
|
|
147.147.30.126
|
unknown
|
United Kingdom
|
|
|
|
109.130.247.84
|
unknown
|
Belgium
|
|
|
|
75.109.111.89
|
unknown
|
United States
|
|
|
|
88.126.94.4
|
unknown
|
France
|
|
|
|
124.122.47.148
|
unknown
|
Thailand
|
|
|
|
66.241.183.99
|
unknown
|
United States
|
|
|
|
180.151.19.13
|
unknown
|
India
|
|
|
|
94.204.202.106
|
unknown
|
United Arab Emirates
|
|
|
|
47.205.25.170
|
unknown
|
United States
|
|
|
|
95.45.50.93
|
unknown
|
Ireland
|
|
|
|
103.212.19.254
|
unknown
|
India
|
|
|
|
85.61.165.153
|
unknown
|
Spain
|
|
|
|
91.160.70.68
|
unknown
|
France
|
|
|
|
201.143.215.69
|
unknown
|
Mexico
|
|
|
|
184.63.133.131
|
unknown
|
United States
|
|
|
|
203.109.44.236
|
unknown
|
India
|
|
|
|
90.104.151.37
|
unknown
|
France
|
|
|
|
201.244.108.183
|
unknown
|
Colombia
|
|
|
|
2.49.63.160
|
unknown
|
United Arab Emirates
|
|
|
|
103.42.86.42
|
unknown
|
India
|
|
|
|
80.6.50.34
|
unknown
|
United Kingdom
|
|
|
|
175.156.217.7
|
unknown
|
Singapore
|
|
|
|
103.139.242.6
|
unknown
|
India
|
|
|
|
27.0.48.233
|
unknown
|
India
|
|
|
|
70.28.50.223
|
unknown
|
Canada
|
|
|
|
173.17.45.60
|
unknown
|
United States
|
|
|
|
81.229.117.95
|
unknown
|
Sweden
|
|
|
|
70.64.77.115
|
unknown
|
Canada
|
|
|
|
87.252.106.39
|
unknown
|
Italy
|
|
|
|
79.77.142.22
|
unknown
|
United Kingdom
|
|
|
|
98.163.227.79
|
unknown
|
United States
|
|
|
|
93.187.148.45
|
unknown
|
United Kingdom
|
|
|
|
186.75.95.6
|
unknown
|
Panama
|
|
|
|
50.68.186.195
|
unknown
|
Canada
|
|
|
|
45.62.70.33
|
unknown
|
Canada
|
|
|
|
83.249.198.100
|
unknown
|
Sweden
|
|
|
|
12.172.173.82
|
unknown
|
United States
|
|
|
|
47.199.241.39
|
unknown
|
United States
|
|
|
|
79.168.224.165
|
unknown
|
Portugal
|
|
|
|
199.27.66.213
|
unknown
|
United States
|
|
|
|
200.44.198.47
|
unknown
|
Venezuela
|
|
|
|
176.142.207.63
|
unknown
|
France
|
|
|
|
86.173.2.12
|
unknown
|
United Kingdom
|
|
|
|
45.62.75.250
|
unknown
|
Canada
|
|
|
|
92.154.17.149
|
unknown
|
France
|
|
|
|
90.29.86.138
|
unknown
|
France
|
|
|
|
174.58.146.57
|
unknown
|
United States
|
|
|
|
223.166.13.95
|
unknown
|
China
|
|
|
|
5.192.141.228
|
unknown
|
United Arab Emirates
|
|
|
|
65.95.141.84
|
unknown
|
Canada
|
|
|
|
75.98.154.19
|
unknown
|
United States
|
|
|
|
77.126.99.230
|
unknown
|
Israel
|
|
|
|
103.123.223.133
|
unknown
|
India
|
|
|
|
74.12.147.139
|
unknown
|
Canada
|
|
|
|
92.9.45.20
|
unknown
|
United Kingdom
|
|
|
|
113.11.92.30
|
unknown
|
Bangladesh
|
|
|
|
77.86.98.236
|
unknown
|
United Kingdom
|
|
|
|
103.140.174.20
|
unknown
|
India
|
|
|
|
78.192.109.105
|
unknown
|
France
|
|
|
|
78.82.143.154
|
unknown
|
Sweden
|
|
|
|
72.163.4.185
|
cisco.com
|
United States
|
There are 90 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProgramId
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
FileId
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LongPathHash
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Name
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Publisher
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Version
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinFileVersion
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinaryType
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductName
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductVersion
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LinkDate
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinProductVersion
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Size
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Language
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsPeFile
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsOsComponent
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C0095B8EDA58
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHivePermissionsCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHiveOwnerCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C0095B8EDA58
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Hauegiyzek
|
8d57917d
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Hauegiyzek
|
b8c84133
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Hauegiyzek
|
ba89614f
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Hauegiyzek
|
235062a
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Hauegiyzek
|
7f3d49a0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Hauegiyzek
|
c7812ec5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Hauegiyzek
|
742656
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Hauegiyzek
|
f21efe8b
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Hauegiyzek
|
8d57917d
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Hauegiyzek
|
8d57917d
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Hauegiyzek
|
8d57917d
|
There are 32 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4470000
|
heap
|
page read and write
|
|
|
|
58A000
|
heap
|
page read and write
|
|
|
|
6ADC7000
|
unkown
|
page readonly
|
||
|
5ACF000
|
heap
|
page read and write
|
||
|
47B000
|
stack
|
page read and write
|
||
|
44EF000
|
heap
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
E1E000
|
stack
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
5ADD000
|
heap
|
page read and write
|
||
|
50B000
|
stack
|
page read and write
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
2C5D8F0E000
|
heap
|
page read and write
|
||
|
6474000
|
heap
|
page read and write
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
580000
|
heap
|
page read and write
|
||
|
DC000
|
stack
|
page read and write
|
||
|
2EB17702000
|
trusted library allocation
|
page read and write
|
||
|
336E000
|
stack
|
page read and write
|
||
|
302F000
|
stack
|
page read and write
|
||
|
D51000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
7242000
|
heap
|
page read and write
|
||
|
5871000
|
heap
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
5A2C000
|
heap
|
page read and write
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
FB3147B000
|
stack
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
5ADB000
|
heap
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
5ADB000
|
heap
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
2EB17674000
|
heap
|
page read and write
|
||
|
1001F000
|
direct allocation
|
page read and write
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
2C5D9020000
|
trusted library allocation
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
5A2C000
|
heap
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
F033F79000
|
stack
|
page read and write
|
||
|
87A000
|
heap
|
page read and write
|
||
|
2EB17A02000
|
heap
|
page read and write
|
||
|
6DFE000
|
heap
|
page read and write
|
||
|
6450000
|
heap
|
page read and write
|
||
|
5AAD000
|
heap
|
page read and write
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
57E0000
|
trusted library allocation
|
page read and write
|
||
|
6DA000
|
heap
|
page read and write
|
||
|
6C32000
|
heap
|
page read and write
|
||
|
6450000
|
heap
|
page read and write
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
2EB17B02000
|
heap
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
5AAD000
|
heap
|
page read and write
|
||
|
493A000
|
heap
|
page read and write
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
C7B000
|
stack
|
page read and write
|
||
|
2C5D8E40000
|
heap
|
page read and write
|
||
|
6474000
|
heap
|
page read and write
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
5AAC000
|
heap
|
page read and write
|
||
|
5ADB000
|
heap
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
3180000
|
heap
|
page read and write
|
||
|
5A3C000
|
heap
|
page read and write
|
||
|
492F000
|
heap
|
page read and write
|
||
|
5A38000
|
heap
|
page read and write
|
||
|
48E0000
|
heap
|
page read and write
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
6450000
|
heap
|
page read and write
|
||
|
564000
|
heap
|
page read and write
|
||
|
350A000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
5A38000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
5A38000
|
heap
|
page read and write
|
||
|
78F000
|
stack
|
page read and write
|
||
|
2EB174D0000
|
heap
|
page read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
4910000
|
heap
|
page read and write
|
||
|
490C000
|
heap
|
page read and write
|
||
|
5A38000
|
heap
|
page read and write
|
||
|
D2A000
|
heap
|
page read and write
|
||
|
5A2C000
|
heap
|
page read and write
|
||
|
5C04000
|
heap
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
7248000
|
heap
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
5861000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
5A3C000
|
heap
|
page read and write
|
||
|
13B000
|
stack
|
page read and write
|
||
|
6837000
|
heap
|
page read and write
|
||
|
2EB17613000
|
unkown
|
page read and write
|
||
|
493A000
|
heap
|
page read and write
|
||
|
6474000
|
heap
|
page read and write
|
||
|
6450000
|
heap
|
page read and write
|
||
|
6450000
|
heap
|
page read and write
|
||
|
2EB17628000
|
heap
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
4960000
|
heap
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
7BB000
|
stack
|
page read and write
|
||
|
2EB17600000
|
unkown
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
AEA000
|
heap
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
2EB17B13000
|
heap
|
page read and write
|
||
|
2EB17A13000
|
heap
|
page read and write
|
||
|
5AAD000
|
heap
|
page read and write
|
||
|
320A000
|
heap
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
724B000
|
heap
|
page read and write
|
||
|
5A3C000
|
heap
|
page read and write
|
||
|
564000
|
heap
|
page read and write
|
||
|
E5F000
|
stack
|
page read and write
|
||
|
334F000
|
stack
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
10001000
|
direct allocation
|
page execute read
|
||
|
E80000
|
heap
|
page read and write
|
||
|
724D000
|
heap
|
page read and write
|
||
|
E5C000
|
stack
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
5ACF000
|
heap
|
page read and write
|
||
|
493A000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
50D000
|
stack
|
page read and write
|
||
|
6D33000
|
heap
|
page read and write
|
||
|
5A38000
|
heap
|
page read and write
|
||
|
5ACF000
|
heap
|
page read and write
|
||
|
2EB176AD000
|
heap
|
page read and write
|
||
|
E0F000
|
stack
|
page read and write
|
||
|
3500000
|
heap
|
page read and write
|
||
|
493A000
|
heap
|
page read and write
|
||
|
FB316FF000
|
stack
|
page read and write
|
||
|
D8E000
|
stack
|
page read and write
|
||
|
2C5D8F06000
|
heap
|
page read and write
|
||
|
2C5D8FC0000
|
trusted library allocation
|
page read and write
|
||
|
10022000
|
direct allocation
|
page readonly
|
||
|
5ACF000
|
heap
|
page read and write
|
||
|
5A3C000
|
heap
|
page read and write
|
||
|
2C5D8E20000
|
heap
|
page read and write
|
||
|
6474000
|
heap
|
page read and write
|
||
|
4493000
|
heap
|
page read and write
|
||
|
44EF000
|
heap
|
page read and write
|
||
|
5A2C000
|
heap
|
page read and write
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
6D3A000
|
unkown
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
5ADD000
|
heap
|
page read and write
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
5BCC000
|
heap
|
page read and write
|
||
|
6474000
|
heap
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
5ADD000
|
heap
|
page read and write
|
||
|
2C5D9080000
|
trusted library allocation
|
page read and write
|
||
|
3490000
|
heap
|
page read and write
|
||
|
8FC000
|
stack
|
page read and write
|
||
|
48E1000
|
heap
|
page read and write
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
6474000
|
heap
|
page read and write
|
||
|
6474000
|
heap
|
page read and write
|
||
|
2EB174E0000
|
trusted library allocation
|
page read and write
|
||
|
D0000
|
heap
|
page read and write
|
||
|
3350000
|
heap
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
5AAD000
|
heap
|
page read and write
|
||
|
2EB17639000
|
heap
|
page read and write
|
||
|
7539000
|
heap
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
2C5D8CE0000
|
heap
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
5A3C000
|
heap
|
page read and write
|
||
|
66A000
|
heap
|
page read and write
|
||
|
5ADB000
|
heap
|
page read and write
|
||
|
34A0000
|
heap
|
page read and write
|
||
|
1FE000
|
stack
|
page read and write
|
||
|
5ACF000
|
heap
|
page read and write
|
||
|
5A20000
|
trusted library allocation
|
page read and write
|
||
|
564000
|
heap
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
48B1000
|
heap
|
page read and write
|
||
|
ADB000
|
heap
|
page read and write
|
||
|
564000
|
heap
|
page read and write
|
||
|
5ADD000
|
heap
|
page read and write
|
||
|
6D33000
|
heap
|
page read and write
|
||
|
C3C000
|
stack
|
page read and write
|
||
|
2C5D9D80000
|
heap
|
page readonly
|
||
|
2C5D8EC0000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
FB315F9000
|
stack
|
page read and write
|
||
|
6D3C000
|
heap
|
page read and write
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
2EB17540000
|
heap
|
page read and write
|
||
|
492F000
|
heap
|
page read and write
|
||
|
2C5D8F0E000
|
heap
|
page read and write
|
||
|
5ADD000
|
heap
|
page read and write
|
||
|
5A38000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
5A38000
|
heap
|
page read and write
|
||
|
2C5D8EC8000
|
heap
|
page read and write
|
||
|
2C5D9070000
|
heap
|
page read and write
|
||
|
2EB17B02000
|
heap
|
page read and write
|
||
|
6D39000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
5A3C000
|
heap
|
page read and write
|
||
|
493A000
|
heap
|
page read and write
|
||
|
2EB176AD000
|
heap
|
page read and write
|
||
|
1001A000
|
direct allocation
|
page readonly
|
||
|
57E0000
|
trusted library allocation
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
C45000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
5ADB000
|
heap
|
page read and write
|
||
|
5AAD000
|
heap
|
page read and write
|
||
|
4BAF000
|
stack
|
page read and write
|
||
|
5BE000
|
stack
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
5ADD000
|
heap
|
page read and write
|
||
|
48FC000
|
heap
|
page read and write
|
||
|
5ADD000
|
heap
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
3550000
|
heap
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
4C60000
|
heap
|
page read and write
|
||
|
43C000
|
stack
|
page read and write
|
||
|
2EB1763A000
|
heap
|
page read and write
|
||
|
6D33000
|
heap
|
page read and write
|
||
|
5ADD000
|
heap
|
page read and write
|
||
|
53E000
|
stack
|
page read and write
|
||
|
CEA000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
93C000
|
stack
|
page read and write
|
||
|
2C5D9DF0000
|
trusted library allocation
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
2EB17674000
|
heap
|
page read and write
|
||
|
493A000
|
heap
|
page read and write
|
||
|
5A2C000
|
heap
|
page read and write
|
||
|
C7B000
|
stack
|
page read and write
|
||
|
5A38000
|
heap
|
page read and write
|
||
|
860000
|
direct allocation
|
page execute read
|
||
|
4908000
|
heap
|
page read and write
|
||
|
2C5D9075000
|
heap
|
page read and write
|
||
|
5A3C000
|
heap
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
47DF000
|
stack
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
2EB1760D000
|
unkown
|
page read and write
|
||
|
5A3C000
|
heap
|
page read and write
|
||
|
5ADD000
|
heap
|
page read and write
|
||
|
5A2C000
|
heap
|
page read and write
|
||
|
2FEE000
|
stack
|
page read and write
|
||
|
5AAD000
|
heap
|
page read and write
|
||
|
50F000
|
stack
|
page read and write
|
||
|
D51000
|
heap
|
page read and write
|
||
|
6450000
|
heap
|
page read and write
|
||
|
6D35000
|
heap
|
page read and write
|
||
|
6474000
|
heap
|
page read and write
|
||
|
2C5D9B70000
|
trusted library allocation
|
page read and write
|
||
|
56F000
|
stack
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
6450000
|
heap
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
17B000
|
stack
|
page read and write
|
||
|
2EB17723000
|
heap
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
5A2C000
|
heap
|
page read and write
|
||
|
F033BDD000
|
stack
|
page read and write
|
||
|
F034379000
|
stack
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
5AAD000
|
heap
|
page read and write
|
||
|
5F21000
|
heap
|
page read and write
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
5ADB000
|
heap
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
493A000
|
heap
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
2EB17700000
|
trusted library allocation
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
2EB1763A000
|
heap
|
page read and write
|
||
|
6474000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
5ACF000
|
heap
|
page read and write
|
||
|
E50000
|
trusted library allocation
|
page read and write
|
||
|
564000
|
heap
|
page read and write
|
||
|
4CC000
|
stack
|
page read and write
|
||
|
5AAD000
|
heap
|
page read and write
|
||
|
11B000
|
stack
|
page read and write
|
||
|
5A2C000
|
heap
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
E9E000
|
stack
|
page read and write
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
FB317FB000
|
stack
|
page read and write
|
||
|
2C5D8EB0000
|
trusted library allocation
|
page read and write
|
||
|
48D4000
|
heap
|
page read and write
|
||
|
2F6B000
|
stack
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
CCF000
|
stack
|
page read and write
|
||
|
97B000
|
stack
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
5861000
|
heap
|
page read and write
|
||
|
6450000
|
heap
|
page read and write
|
||
|
2C5D9DA0000
|
trusted library allocation
|
page read and write
|
||
|
70000
|
heap
|
page read and write
|
||
|
2C5D9D90000
|
trusted library allocation
|
page read and write
|
||
|
2F2C000
|
stack
|
page read and write
|
||
|
E9B000
|
stack
|
page read and write
|
||
|
5ADB000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
564000
|
heap
|
page read and write
|
||
|
2EB17A00000
|
heap
|
page read and write
|
||
|
7243000
|
heap
|
page read and write
|
||
|
D8A000
|
heap
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
FB3167A000
|
stack
|
page read and write
|
||
|
5AAD000
|
heap
|
page read and write
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
493A000
|
heap
|
page read and write
|
||
|
2C5D8CF0000
|
trusted library allocation
|
page read and write
|
||
|
5ADB000
|
heap
|
page read and write
|
||
|
5A38000
|
heap
|
page read and write
|
||
|
4930000
|
heap
|
page read and write
|
||
|
330E000
|
stack
|
page read and write
|
||
|
493A000
|
heap
|
page read and write
|
||
|
C5E000
|
stack
|
page read and write
|
||
|
52E000
|
stack
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
5ADB000
|
heap
|
page read and write
|
||
|
493A000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
564000
|
heap
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
DDA000
|
heap
|
page read and write
|
||
|
5ACF000
|
heap
|
page read and write
|
||
|
DCF000
|
stack
|
page read and write
|
||
|
6450000
|
heap
|
page read and write
|
||
|
724D000
|
heap
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
77C000
|
stack
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
5A2C000
|
heap
|
page read and write
|
||
|
5ACF000
|
heap
|
page read and write
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
EBF000
|
stack
|
page read and write
|
||
|
5A3C000
|
heap
|
page read and write
|
||
|
C3C000
|
stack
|
page read and write
|
||
|
2C5D9060000
|
trusted library allocation
|
page read and write
|
||
|
83E000
|
stack
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
2EB17B00000
|
heap
|
page read and write
|
||
|
2C5D9079000
|
heap
|
page read and write
|
||
|
6D4A000
|
heap
|
page read and write
|
||
|
2EB17673000
|
heap
|
page read and write
|
||
|
564000
|
heap
|
page read and write
|
||
|
2C5D8F0E000
|
heap
|
page read and write
|
||
|
2EB17715000
|
trusted library allocation
|
page read and write
|
||
|
5ACF000
|
heap
|
page read and write
|
There are 377 hidden memdumps, click here to show them.