Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
042_qbot.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_419b281e7a1c62a2cfa3b86aa4ad63773747ea5_82810a17_150fa2ea\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_419b281e7a1c62a2cfa3b86aa4ad63773747ea5_82810a17_1a7ba24e\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_419b281e7a1c62a2cfa3b86aa4ad63773747ea5_82810a17_1b77b0e4\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_f72750b22a9214184114f6be25e810eecaece948_82810a17_1a83b0f4\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8020.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Jun 6 17:10:38 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER80BC.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Jun 6 17:10:38 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER81E6.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8215.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8244.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA490.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Jun 6 17:10:47 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA56A.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Jun 6 17:10:48 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA627.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA686.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA702.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA760.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.tmp
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.tmp.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_419b281e7a1c62a2cfa3b86aa4ad63773747ea5_82810a17_16a6013b\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_419b281e7a1c62a2cfa3b86aa4ad63773747ea5_82810a17_16be0226\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_419b281e7a1c62a2cfa3b86aa4ad63773747ea5_82810a17_1b8a0ff1\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_f72750b22a9214184114f6be25e810eecaece948_82810a17_176a107e\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6C9.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Jun 6 16:57:57 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8EC.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Jun 6 16:57:58 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8ED.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9AA.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAB2.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB7E.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE20B.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Jun 6 16:57:48 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE21B.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Jun 6 16:57:48 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE373.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE383.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE3B3.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE3D2.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ECC4WN1U.htm
|
HTML document, Unicode text, UTF-8 text, with very long lines (1206), with CRLF, LF line terminators
|
dropped
|
There are 27 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\042_qbot.dll"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\042_qbot.dll",#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\042_qbot.dll,lcopy_block_row
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\042_qbot.dll",#1
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 652
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 660
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\042_qbot.dll,lcopy_sample_rows
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\042_qbot.dll,ldiv_round_up
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\042_qbot.dll",lcopy_block_row
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\042_qbot.dll",lcopy_sample_rows
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\042_qbot.dll",ldiv_round_up
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\042_qbot.dll",next
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\042_qbot.dll",lround_up
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\042_qbot.dll",lpeg_write_tables
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 652
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 652
|
|
|
|
C:\Windows\SysWOW64\wermgr.exe
|
C:\Windows\SysWOW64\wermgr.exe
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 660
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 652
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 652
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 652
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 12 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
||
|
https://www.cisco.com/c/en_eg/index.html
|
unknown
|
||
|
https://www.youtube.com/user/cisco
|
unknown
|
||
|
https://www.cisco.com/c/en/us/solutions/service-provider/routed-optical-networking/index.html?ccid=c
|
unknown
|
||
|
https://www.cisco.com/c/ar_ae/index.html
|
unknown
|
||
|
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2023/m05/cisco-launches-program-for-customers-and-p
|
unknown
|
||
|
https://www.cisco.com/c/en_sg/index.html
|
unknown
|
||
|
https://www.cisco.com/c/en_dz/index.html
|
unknown
|
||
|
https://www.cisco.com/c/hu_hu/index.html
|
unknown
|
||
|
https://www.cisco.com/site/in/en/index.html
|
unknown
|
||
|
https://software.cisco.com/download/navigator.html
|
unknown
|
||
|
https://www.cisco.com/c/en/us/about/contact-cisco.html
|
unknown
|
||
|
https://www.schema.org
|
unknown
|
||
|
https://www.cisco.com/c/en/us/partners/connect-with-a-partner.html
|
unknown
|
||
|
https://www.cisco.com/c/en/us/about/sitemap.html
|
unknown
|
||
|
https://www.cisco.com/c/sv_se/index.html
|
unknown
|
||
|
https://www.cisco.com/c/ru_ru/index.html
|
unknown
|
||
|
https://learninglocator.cloudapps.cisco.com/#/home
|
unknown
|
||
|
https://www.cisco.com/c/pl_pl/index.html
|
unknown
|
||
|
https://blogs.cisco.com/security/now-is-the-time-to-step-up-your-security?utm_medium=web-referral&ut
|
unknown
|
||
|
https://www.cisco.com
|
unknown
|
||
|
https://www.cisco.com/c/fr_dz/index.html
|
unknown
|
||
|
https://www.cisco.com/c/de_ch/index.html
|
unknown
|
||
|
http://pdx-col.eum-appdynamics.com
|
unknown
|
||
|
https://www.cisco.com/site/fr/fr/index.html
|
unknown
|
||
|
https://www.cisco.com/c/nl_nl/index.html
|
unknown
|
||
|
https://www.cisco.com/site/au/en/index.html
|
unknown
|
||
|
https://www.cisco.com/c/es_ec/index.html
|
unknown
|
||
|
https://www.cisco.com/c/en/us/about/legal/trademarks.html
|
unknown
|
||
|
https://www.cisco.com/c/en/us/about.html
|
unknown
|
||
|
https://www.cisco.com/c/pt_br/index.html
|
unknown
|
||
|
https://www.cisco.com/c/th_th/index.html
|
unknown
|
||
|
https://www.cisco.com/site/de/de/index.html
|
unknown
|
||
|
https://search.cisco.com/search?query=
|
unknown
|
||
|
http://schema.org/ImageObject
|
unknown
|
||
|
https://www.ciscolive.com/global.html?CID=cdchp&TEAM=global_events&MEDIUM=digital_direct&CAMPAIGN=bt
|
unknown
|
||
|
https://www.cisco.com/c/en_my/index.html
|
unknown
|
||
|
https://www.cisco.com/c/es_es/index.html
|
unknown
|
||
|
https://www.cisco.com/c/it_it/index.html
|
unknown
|
||
|
https://www.cisco.com/c/en_il/index.html
|
unknown
|
||
|
https://www.cisco.com/site/cn/zh/index.html
|
unknown
|
||
|
https://newsroom.cisco.com/c/r/newsroom/en/us/index.html
|
unknown
|
||
|
https://www.cisco.com/c/en_hk/index.html
|
unknown
|
||
|
https://www.cisco.com/c/de_at/index.html
|
unknown
|
||
|
https://www.cisco.com/c/en/us/solutions/enterprise-networks/promotions-free-trials/isr-router-upgrad
|
unknown
|
||
|
https://www.cisco.com/c/es_pa/index.html
|
unknown
|
||
|
https://www.cisco.com/c/da_dk/index.html
|
unknown
|
||
|
https://www.cisco.com/c/ru_ua/index.html
|
unknown
|
||
|
https://www.streamtext.net/player?event=Cisco-TESTING&language=en&controls-words=0&delay=0&title=fal
|
unknown
|
||
|
https://www.instagram.com/cisco/
|
unknown
|
||
|
https://www.cisco.com/c/en/us/about/accessibility.html
|
unknown
|
||
|
https://www.cisco.com/c/es_mx/index.html
|
unknown
|
||
|
https://www.cisco.com/c/fr_be/index.html
|
unknown
|
||
|
https://www.cisco.com/c/tr_tr/index.html
|
unknown
|
||
|
https://ciscocx.qualtrics.com/jfe/form/SV_0Tcp9VU8pUm4lBY?Ref=/c/en/us/index.html
|
unknown
|
||
|
https://www.cisco.com/c/en_ph/index.html
|
unknown
|
||
|
https://www.cisco.com/c/es_ar/index.html
|
unknown
|
||
|
https://www.cisco.com/c/no_no/index.html
|
unknown
|
||
|
https://www.cisco.com/c/es_cr/index.html
|
unknown
|
||
|
https://twitter.com/Cisco/
|
unknown
|
||
|
https://www.cisco.com/c/ar_eg/index.html
|
unknown
|
||
|
https://www.cisco.com/c/ko_kr/index.html
|
unknown
|
||
|
https://www.cisco.com/c/ro_ro/index.html
|
unknown
|
||
|
https://www.cisco.com/site/ca/fr/index.html
|
unknown
|
||
|
https://www.cisco.com/c/nl_be/index.html
|
unknown
|
||
|
https://duo.com/solutions/risk-based-authentication?utm_medium=web-referral&utm_source=cisco#eyJoYXN
|
unknown
|
||
|
https://www.cisco.com/c/es_co/index.html
|
unknown
|
||
|
https://www.cisco.com/c/en/us/about/legal/terms-conditions.html
|
unknown
|
||
|
https://www.cisco.com/c/pt_pt/index.html
|
unknown
|
||
|
https://www.cisco.com/c/en/us/buy.html
|
unknown
|
||
|
https://www.cisco.com/c/uk_ua/index.html
|
unknown
|
||
|
https://cisco.com/
|
72.163.4.185
|
||
|
https://www.cisco.com/c/es_pe/index.html
|
unknown
|
||
|
https://www.cisco.com/c/m/en_us/solutions/hybrid-work/workplace-solutions/penn1-lookbook.html?ccid=c
|
unknown
|
||
|
https://www.cisco.com/c/en/us/training-events/training-certifications.html
|
unknown
|
||
|
https://www.cisco.com/c/cs_cz/index.html
|
unknown
|
||
|
https://www.cisco.com/web/fw/i/logo-open-graph.gif
|
unknown
|
||
|
https://www.cisco.com/c/en/us/about/careers.html
|
unknown
|
||
|
https://www.cisco.com/c/en_za/index.html
|
unknown
|
||
|
https://pdx-col.eum-appdynamics.com
|
unknown
|
||
|
https://community.cisco.com/
|
unknown
|
||
|
https://blogs.cisco.com/networking/it-leaders-contend-with-secure-multicloud-access-the-2023-global-
|
unknown
|
||
|
https://www.cisco.com/c/vi_vn/index.html
|
unknown
|
||
|
http://cdn.appdynamics.com
|
unknown
|
||
|
https://cdn.appdynamics.com
|
unknown
|
||
|
https://www.cisco.com/c/en/us/about/legal/privacy-full.html
|
unknown
|
||
|
https://www.cisco.com/c/en/us/about/help.html
|
unknown
|
||
|
https://www.cisco.com/site/uk/en/index.html
|
unknown
|
||
|
https://www.cisco.com/c/en/us/solutions/design-zone.html
|
unknown
|
||
|
https://www.cisco.com/c/en/us/training-events/events.html
|
unknown
|
||
|
https://www.cisco.com/site/jp/ja/index.html
|
unknown
|
||
|
https://www.cisco.com/c/es_bz/index.html
|
unknown
|
||
|
https://www.cisco.com/c/zh_hk/index.html
|
unknown
|
||
|
https://www.linkedin.com/company/cisco
|
unknown
|
||
|
https://www.cisco.com/
|
unknown
|
||
|
https://www.cisco.com/c/fr_ch/index.html
|
unknown
|
||
|
https://www.cisco.com/site/ca/en/index.html
|
unknown
|
||
|
https://www.cisco.com/c/dam/en_us/about/supply-chain/cisco-modern-slavery-statement.pdf
|
unknown
|
||
|
https://www.cisco.com/c/en_ae/index.html
|
unknown
|
||
|
https://www.cisco.com/c/en_id/index.html
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
cisco.com
|
72.163.4.185
|
||
|
www.cisco.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
38.2.18.164
|
unknown
|
United States
|
|
|
|
2.82.8.80
|
unknown
|
Portugal
|
|
|
|
70.160.67.203
|
unknown
|
United States
|
|
|
|
83.110.223.61
|
unknown
|
United Arab Emirates
|
|
|
|
209.171.160.69
|
unknown
|
Canada
|
|
|
|
84.215.202.8
|
unknown
|
Norway
|
|
|
|
184.182.66.109
|
unknown
|
United States
|
|
|
|
200.84.211.255
|
unknown
|
Venezuela
|
|
|
|
125.99.69.178
|
unknown
|
India
|
|
|
|
174.4.89.3
|
unknown
|
Canada
|
|
|
|
121.121.108.120
|
unknown
|
Malaysia
|
|
|
|
161.142.103.187
|
unknown
|
Malaysia
|
|
|
|
213.64.33.92
|
unknown
|
Sweden
|
|
|
|
114.143.176.236
|
unknown
|
India
|
|
|
|
24.234.220.88
|
unknown
|
United States
|
|
|
|
67.70.120.249
|
unknown
|
Canada
|
|
|
|
73.88.173.113
|
unknown
|
United States
|
|
|
|
72.205.104.134
|
unknown
|
United States
|
|
|
|
117.195.17.148
|
unknown
|
India
|
|
|
|
69.160.121.6
|
unknown
|
Jamaica
|
|
|
|
176.133.4.230
|
unknown
|
France
|
|
|
|
183.87.163.165
|
unknown
|
India
|
|
|
|
184.181.75.148
|
unknown
|
United States
|
|
|
|
70.49.205.198
|
unknown
|
Canada
|
|
|
|
87.221.153.182
|
unknown
|
Spain
|
|
|
|
70.50.1.252
|
unknown
|
Canada
|
|
|
|
85.101.239.116
|
unknown
|
Turkey
|
|
|
|
181.4.225.225
|
unknown
|
Argentina
|
|
|
|
100.4.163.158
|
unknown
|
United States
|
|
|
|
103.141.50.43
|
unknown
|
India
|
|
|
|
70.50.83.216
|
unknown
|
Canada
|
|
|
|
92.1.170.110
|
unknown
|
United Kingdom
|
|
|
|
64.121.161.102
|
unknown
|
United States
|
|
|
|
96.56.197.26
|
unknown
|
United States
|
|
|
|
188.28.19.84
|
unknown
|
United Kingdom
|
|
|
|
125.99.76.102
|
unknown
|
India
|
|
|
|
81.101.185.146
|
unknown
|
United Kingdom
|
|
|
|
116.75.63.183
|
unknown
|
India
|
|
|
|
124.246.122.199
|
unknown
|
Singapore
|
|
|
|
147.147.30.126
|
unknown
|
United Kingdom
|
|
|
|
109.130.247.84
|
unknown
|
Belgium
|
|
|
|
75.109.111.89
|
unknown
|
United States
|
|
|
|
88.126.94.4
|
unknown
|
France
|
|
|
|
124.122.47.148
|
unknown
|
Thailand
|
|
|
|
66.241.183.99
|
unknown
|
United States
|
|
|
|
180.151.19.13
|
unknown
|
India
|
|
|
|
94.204.202.106
|
unknown
|
United Arab Emirates
|
|
|
|
47.205.25.170
|
unknown
|
United States
|
|
|
|
95.45.50.93
|
unknown
|
Ireland
|
|
|
|
103.212.19.254
|
unknown
|
India
|
|
|
|
85.61.165.153
|
unknown
|
Spain
|
|
|
|
91.160.70.68
|
unknown
|
France
|
|
|
|
201.143.215.69
|
unknown
|
Mexico
|
|
|
|
184.63.133.131
|
unknown
|
United States
|
|
|
|
203.109.44.236
|
unknown
|
India
|
|
|
|
90.104.151.37
|
unknown
|
France
|
|
|
|
201.244.108.183
|
unknown
|
Colombia
|
|
|
|
2.49.63.160
|
unknown
|
United Arab Emirates
|
|
|
|
103.42.86.42
|
unknown
|
India
|
|
|
|
80.6.50.34
|
unknown
|
United Kingdom
|
|
|
|
175.156.217.7
|
unknown
|
Singapore
|
|
|
|
103.139.242.6
|
unknown
|
India
|
|
|
|
27.0.48.233
|
unknown
|
India
|
|
|
|
70.28.50.223
|
unknown
|
Canada
|
|
|
|
173.17.45.60
|
unknown
|
United States
|
|
|
|
81.229.117.95
|
unknown
|
Sweden
|
|
|
|
70.64.77.115
|
unknown
|
Canada
|
|
|
|
87.252.106.39
|
unknown
|
Italy
|
|
|
|
79.77.142.22
|
unknown
|
United Kingdom
|
|
|
|
98.163.227.79
|
unknown
|
United States
|
|
|
|
93.187.148.45
|
unknown
|
United Kingdom
|
|
|
|
186.75.95.6
|
unknown
|
Panama
|
|
|
|
50.68.186.195
|
unknown
|
Canada
|
|
|
|
45.62.70.33
|
unknown
|
Canada
|
|
|
|
83.249.198.100
|
unknown
|
Sweden
|
|
|
|
12.172.173.82
|
unknown
|
United States
|
|
|
|
47.199.241.39
|
unknown
|
United States
|
|
|
|
79.168.224.165
|
unknown
|
Portugal
|
|
|
|
199.27.66.213
|
unknown
|
United States
|
|
|
|
200.44.198.47
|
unknown
|
Venezuela
|
|
|
|
176.142.207.63
|
unknown
|
France
|
|
|
|
86.173.2.12
|
unknown
|
United Kingdom
|
|
|
|
45.62.75.250
|
unknown
|
Canada
|
|
|
|
92.154.17.149
|
unknown
|
France
|
|
|
|
90.29.86.138
|
unknown
|
France
|
|
|
|
174.58.146.57
|
unknown
|
United States
|
|
|
|
223.166.13.95
|
unknown
|
China
|
|
|
|
5.192.141.228
|
unknown
|
United Arab Emirates
|
|
|
|
65.95.141.84
|
unknown
|
Canada
|
|
|
|
75.98.154.19
|
unknown
|
United States
|
|
|
|
77.126.99.230
|
unknown
|
Israel
|
|
|
|
103.123.223.133
|
unknown
|
India
|
|
|
|
74.12.147.139
|
unknown
|
Canada
|
|
|
|
92.9.45.20
|
unknown
|
United Kingdom
|
|
|
|
113.11.92.30
|
unknown
|
Bangladesh
|
|
|
|
77.86.98.236
|
unknown
|
United Kingdom
|
|
|
|
103.140.174.20
|
unknown
|
India
|
|
|
|
78.192.109.105
|
unknown
|
France
|
|
|
|
78.82.143.154
|
unknown
|
Sweden
|
|
|
|
72.163.4.185
|
cisco.com
|
United States
|
There are 90 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018400BBE2D0458
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHivePermissionsCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHiveOwnerCorrect
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiOverridePath
|
||
|
\REGISTRY\A\{cfcc0cd9-f3b7-2403-8997-c03eb5b3c707}\Root\InventoryApplicationFile
|
WritePermissionsCheck
|
||
|
\REGISTRY\A\{cfcc0cd9-f3b7-2403-8997-c03eb5b3c707}\Root\InventoryApplicationFile
|
ProviderSyncId
|
||
|
\REGISTRY\A\{cfcc0cd9-f3b7-2403-8997-c03eb5b3c707}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProgramId
|
||
|
\REGISTRY\A\{cfcc0cd9-f3b7-2403-8997-c03eb5b3c707}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
FileId
|
||
|
\REGISTRY\A\{cfcc0cd9-f3b7-2403-8997-c03eb5b3c707}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{cfcc0cd9-f3b7-2403-8997-c03eb5b3c707}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LongPathHash
|
||
|
\REGISTRY\A\{cfcc0cd9-f3b7-2403-8997-c03eb5b3c707}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Name
|
||
|
\REGISTRY\A\{cfcc0cd9-f3b7-2403-8997-c03eb5b3c707}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Publisher
|
||
|
\REGISTRY\A\{cfcc0cd9-f3b7-2403-8997-c03eb5b3c707}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Version
|
||
|
\REGISTRY\A\{cfcc0cd9-f3b7-2403-8997-c03eb5b3c707}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinFileVersion
|
||
|
\REGISTRY\A\{cfcc0cd9-f3b7-2403-8997-c03eb5b3c707}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinaryType
|
||
|
\REGISTRY\A\{cfcc0cd9-f3b7-2403-8997-c03eb5b3c707}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductName
|
||
|
\REGISTRY\A\{cfcc0cd9-f3b7-2403-8997-c03eb5b3c707}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductVersion
|
||
|
\REGISTRY\A\{cfcc0cd9-f3b7-2403-8997-c03eb5b3c707}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LinkDate
|
||
|
\REGISTRY\A\{cfcc0cd9-f3b7-2403-8997-c03eb5b3c707}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinProductVersion
|
||
|
\REGISTRY\A\{cfcc0cd9-f3b7-2403-8997-c03eb5b3c707}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Size
|
||
|
\REGISTRY\A\{cfcc0cd9-f3b7-2403-8997-c03eb5b3c707}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Language
|
||
|
\REGISTRY\A\{cfcc0cd9-f3b7-2403-8997-c03eb5b3c707}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsPeFile
|
||
|
\REGISTRY\A\{cfcc0cd9-f3b7-2403-8997-c03eb5b3c707}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsOsComponent
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018400BBE2D0458
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Xlbhlekolcltg
|
a517c387
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Xlbhlekolcltg
|
908813c9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Xlbhlekolcltg
|
92c933b5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Xlbhlekolcltg
|
2a7554d0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Xlbhlekolcltg
|
577d1b5a
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Xlbhlekolcltg
|
efc17c3f
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Xlbhlekolcltg
|
283474ac
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Xlbhlekolcltg
|
da5eac71
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Xlbhlekolcltg
|
ed805c43
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Xlbhlekolcltg
|
a517c387
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProgramId
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
FileId
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LongPathHash
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Name
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Publisher
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Version
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinFileVersion
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinaryType
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductName
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductVersion
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LinkDate
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinProductVersion
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Size
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Language
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsPeFile
|
||
|
\REGISTRY\A\{4ebe6f36-44ea-0580-2ccd-ccef5cf9d7f8}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsOsComponent
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C0095B8EDA58
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C0095B8EDA58
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Hauegiyzek
|
8d57917d
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Hauegiyzek
|
b8c84133
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Hauegiyzek
|
ba89614f
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Hauegiyzek
|
235062a
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Hauegiyzek
|
7f3d49a0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Hauegiyzek
|
c7812ec5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Hauegiyzek
|
742656
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Hauegiyzek
|
f21efe8b
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Hauegiyzek
|
8d57917d
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Hauegiyzek
|
8d57917d
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Hauegiyzek
|
8d57917d
|
There are 65 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
BDA000
|
heap
|
page read and write
|
|
|
|
48E0000
|
heap
|
page read and write
|
|
|
|
707F000
|
heap
|
page read and write
|
||
|
500A000
|
heap
|
page read and write
|
||
|
1BBF1D2A000
|
heap
|
page read and write
|
||
|
708D000
|
heap
|
page read and write
|
||
|
6FE8000
|
heap
|
page read and write
|
||
|
7314000
|
heap
|
page read and write
|
||
|
B6C000
|
stack
|
page read and write
|
||
|
76C000
|
stack
|
page read and write
|
||
|
6FEC000
|
heap
|
page read and write
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
26699DE8000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
1BBF1D13000
|
heap
|
page read and write
|
||
|
76E000
|
stack
|
page read and write
|
||
|
88F000
|
stack
|
page read and write
|
||
|
EAA000
|
heap
|
page read and write
|
||
|
13AF000
|
stack
|
page read and write
|
||
|
708B000
|
heap
|
page read and write
|
||
|
5EF1000
|
heap
|
page read and write
|
||
|
26699C70000
|
heap
|
page read and write
|
||
|
1EB000
|
stack
|
page read and write
|
||
|
4FFF000
|
heap
|
page read and write
|
||
|
707F000
|
heap
|
page read and write
|
||
|
1BBF184A000
|
unkown
|
page read and write
|
||
|
72F0000
|
heap
|
page read and write
|
||
|
6FDC000
|
heap
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
9862F79000
|
stack
|
page read and write
|
||
|
6FEC000
|
heap
|
page read and write
|
||
|
1120000
|
trusted library allocation
|
page read and write
|
||
|
6FDC000
|
heap
|
page read and write
|
||
|
6904000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
26699FF0000
|
trusted library allocation
|
page read and write
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
2669A030000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
34F0000
|
heap
|
page read and write
|
||
|
1BBF1849000
|
heap
|
page read and write
|
||
|
26699E31000
|
heap
|
page read and write
|
||
|
500A000
|
heap
|
page read and write
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
780000
|
heap
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
72F0000
|
heap
|
page read and write
|
||
|
69CA000
|
heap
|
page read and write
|
||
|
4FA4000
|
heap
|
page read and write
|
||
|
9E4000
|
heap
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
495F000
|
heap
|
page read and write
|
||
|
1BBF1900000
|
trusted library allocation
|
page read and write
|
||
|
2669AD40000
|
trusted library allocation
|
page read and write
|
||
|
EEB000
|
stack
|
page read and write
|
||
|
6FEC000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
500A000
|
heap
|
page read and write
|
||
|
705D000
|
heap
|
page read and write
|
||
|
72F0000
|
heap
|
page read and write
|
||
|
1BBF1884000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
1BBF1923000
|
heap
|
page read and write
|
||
|
1BBF1E02000
|
heap
|
page read and write
|
||
|
708D000
|
heap
|
page read and write
|
||
|
2669A040000
|
trusted library allocation
|
page read and write
|
||
|
26699E31000
|
heap
|
page read and write
|
||
|
72F0000
|
heap
|
page read and write
|
||
|
707F000
|
heap
|
page read and write
|
||
|
707F000
|
heap
|
page read and write
|
||
|
707F000
|
heap
|
page read and write
|
||
|
7314000
|
heap
|
page read and write
|
||
|
9E4000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
7AB000
|
stack
|
page read and write
|
||
|
4903000
|
heap
|
page read and write
|
||
|
6FDC000
|
heap
|
page read and write
|
||
|
76D1000
|
heap
|
page read and write
|
||
|
717C000
|
heap
|
page read and write
|
||
|
708D000
|
heap
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page read and write
|
||
|
6FEC000
|
heap
|
page read and write
|
||
|
707F000
|
heap
|
page read and write
|
||
|
6EBE3FD000
|
stack
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
9862BF9000
|
stack
|
page read and write
|
||
|
6FDC000
|
heap
|
page read and write
|
||
|
76D3000
|
heap
|
page read and write
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
9DE000
|
stack
|
page read and write
|
||
|
1BBF1730000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
705D000
|
heap
|
page read and write
|
||
|
1BBF1C02000
|
heap
|
page read and write
|
||
|
7BE0000
|
heap
|
page read and write
|
||
|
F9C000
|
stack
|
page read and write
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
36CA000
|
heap
|
page read and write
|
||
|
500A000
|
heap
|
page read and write
|
||
|
1BBF1D24000
|
heap
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
B40000
|
heap
|
page read and write
|
||
|
6FE8000
|
heap
|
page read and write
|
||
|
26699C80000
|
trusted library allocation
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
E8E000
|
stack
|
page read and write
|
||
|
76D2000
|
heap
|
page read and write
|
||
|
26699EE0000
|
heap
|
page read and write
|
||
|
495F000
|
heap
|
page read and write
|
||
|
705D000
|
heap
|
page read and write
|
||
|
6EE000
|
stack
|
page read and write
|
||
|
67E000
|
stack
|
page read and write
|
||
|
5F04000
|
heap
|
page read and write
|
||
|
112E000
|
stack
|
page read and write
|
||
|
2669A039000
|
heap
|
page read and write
|
||
|
1BBF1915000
|
trusted library allocation
|
page read and write
|
||
|
4FB1000
|
heap
|
page read and write
|
||
|
4FD8000
|
heap
|
page read and write
|
||
|
500A000
|
heap
|
page read and write
|
||
|
72F0000
|
heap
|
page read and write
|
||
|
76DB000
|
heap
|
page read and write
|
||
|
72F0000
|
heap
|
page read and write
|
||
|
AF0000
|
direct allocation
|
page execute read
|
||
|
800000
|
heap
|
page read and write
|
||
|
705D000
|
heap
|
page read and write
|
||
|
708B000
|
heap
|
page read and write
|
||
|
3510000
|
heap
|
page read and write
|
||
|
C1A000
|
heap
|
page read and write
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
708D000
|
heap
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
705D000
|
heap
|
page read and write
|
||
|
4EA000
|
heap
|
page read and write
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
6FE8000
|
heap
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
49B000
|
stack
|
page read and write
|
||
|
26699E31000
|
heap
|
page read and write
|
||
|
10022000
|
direct allocation
|
page readonly
|
||
|
6FE8000
|
heap
|
page read and write
|
||
|
6FDC000
|
heap
|
page read and write
|
||
|
9E4000
|
heap
|
page read and write
|
||
|
4981000
|
heap
|
page read and write
|
||
|
6FDC000
|
heap
|
page read and write
|
||
|
35B0000
|
heap
|
page read and write
|
||
|
1BBF1828000
|
heap
|
page read and write
|
||
|
7314000
|
heap
|
page read and write
|
||
|
10001000
|
direct allocation
|
page execute read
|
||
|
6FDC000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
3FD000
|
stack
|
page read and write
|
||
|
11CF000
|
stack
|
page read and write
|
||
|
1BBF1D13000
|
heap
|
page read and write
|
||
|
1BBF184A000
|
heap
|
page read and write
|
||
|
1BBF180D000
|
unkown
|
page read and write
|
||
|
6EBE27B000
|
stack
|
page read and write
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
76DF000
|
heap
|
page read and write
|
||
|
1BBF1886000
|
unkown
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
500A000
|
heap
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
500A000
|
heap
|
page read and write
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
705D000
|
heap
|
page read and write
|
||
|
4FAF000
|
heap
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
4981000
|
heap
|
page read and write
|
||
|
49A0000
|
heap
|
page read and write
|
||
|
6FE8000
|
heap
|
page read and write
|
||
|
76DD000
|
heap
|
page read and write
|
||
|
500A000
|
heap
|
page read and write
|
||
|
1BBF1D02000
|
heap
|
page read and write
|
||
|
705D000
|
heap
|
page read and write
|
||
|
6FDC000
|
heap
|
page read and write
|
||
|
6CF000
|
stack
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
708B000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
500A000
|
heap
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
EA0000
|
heap
|
page read and write
|
||
|
90B000
|
stack
|
page read and write
|
||
|
1BBF1D17000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
26699FB0000
|
trusted library allocation
|
page read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
685A000
|
heap
|
page read and write
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
6FDC000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
708D000
|
heap
|
page read and write
|
||
|
9E4000
|
heap
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
708D000
|
heap
|
page read and write
|
||
|
66E000
|
stack
|
page read and write
|
||
|
72F0000
|
heap
|
page read and write
|
||
|
1BBF1C13000
|
heap
|
page read and write
|
||
|
2669A035000
|
heap
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
9862A7D000
|
stack
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
1BBF16C0000
|
heap
|
page read and write
|
||
|
2669AB30000
|
trusted library allocation
|
page read and write
|
||
|
7314000
|
heap
|
page read and write
|
||
|
1BBF184A000
|
unkown
|
page read and write
|
||
|
1BBF1E05000
|
heap
|
page read and write
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
1BBF1800000
|
unkown
|
page read and write
|
||
|
2669A000000
|
heap
|
page readonly
|
||
|
45C000
|
stack
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
71B4000
|
heap
|
page read and write
|
||
|
708B000
|
heap
|
page read and write
|
||
|
26699F50000
|
trusted library allocation
|
page read and write
|
||
|
705D000
|
heap
|
page read and write
|
||
|
11FF000
|
heap
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
6FEC000
|
heap
|
page read and write
|
||
|
9E4000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
4980000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
2669AD80000
|
trusted library allocation
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
6FE8000
|
heap
|
page read and write
|
||
|
1BBF1D02000
|
heap
|
page read and write
|
||
|
707F000
|
heap
|
page read and write
|
||
|
1AC000
|
stack
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
7BF9000
|
heap
|
page read and write
|
||
|
50C0000
|
heap
|
page read and write
|
||
|
138F000
|
stack
|
page read and write
|
||
|
BAB000
|
stack
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
78A000
|
heap
|
page read and write
|
||
|
138E000
|
stack
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
140000
|
heap
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
36C0000
|
heap
|
page read and write
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
341E000
|
stack
|
page read and write
|
||
|
97F000
|
stack
|
page read and write
|
||
|
9E4000
|
heap
|
page read and write
|
||
|
72F0000
|
heap
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
9E4000
|
heap
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
73E000
|
stack
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
9EB000
|
heap
|
page read and write
|
||
|
10EF000
|
stack
|
page read and write
|
||
|
26699DE0000
|
heap
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
E1E000
|
stack
|
page read and write
|
||
|
671E000
|
heap
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
6FC000
|
stack
|
page read and write
|
||
|
CDF000
|
stack
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
5F10000
|
heap
|
page read and write
|
||
|
34FA000
|
heap
|
page read and write
|
||
|
7AE000
|
stack
|
page read and write
|
||
|
6EBE47A000
|
stack
|
page read and write
|
||
|
705D000
|
heap
|
page read and write
|
||
|
C4A000
|
heap
|
page read and write
|
||
|
708B000
|
heap
|
page read and write
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
6FE8000
|
heap
|
page read and write
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
4BB000
|
stack
|
page read and write
|
||
|
A6E000
|
stack
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
30C000
|
stack
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
4FCC000
|
heap
|
page read and write
|
||
|
34B000
|
stack
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
1BBF1D02000
|
heap
|
page read and write
|
||
|
1BBF1847000
|
heap
|
page read and write
|
||
|
8AB000
|
stack
|
page read and write
|
||
|
500A000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
65B6000
|
heap
|
page read and write
|
||
|
7BE0000
|
heap
|
page read and write
|
||
|
707F000
|
heap
|
page read and write
|
||
|
7314000
|
heap
|
page read and write
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
76D1000
|
heap
|
page read and write
|
||
|
708D000
|
heap
|
page read and write
|
||
|
6EBE4FF000
|
stack
|
page read and write
|
||
|
9E4000
|
heap
|
page read and write
|
||
|
6EBE579000
|
stack
|
page read and write
|
||
|
86C000
|
stack
|
page read and write
|
||
|
4A50000
|
heap
|
page read and write
|
||
|
6FEC000
|
heap
|
page read and write
|
||
|
C3E000
|
stack
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
6AC7000
|
heap
|
page read and write
|
||
|
708D000
|
heap
|
page read and write
|
||
|
8CC000
|
stack
|
page read and write
|
||
|
708B000
|
heap
|
page read and write
|
||
|
2669A010000
|
trusted library allocation
|
page read and write
|
||
|
EAC000
|
stack
|
page read and write
|
||
|
708D000
|
heap
|
page read and write
|
||
|
6FEC000
|
heap
|
page read and write
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
7314000
|
heap
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
AAF000
|
stack
|
page read and write
|
||
|
6EBE5FE000
|
stack
|
page read and write
|
||
|
FDB000
|
stack
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
1BBF1D00000
|
heap
|
page read and write
|
||
|
1BBF1813000
|
unkown
|
page read and write
|
||
|
6FEC000
|
heap
|
page read and write
|
||
|
26699DB0000
|
heap
|
page read and write
|
||
|
6FE8000
|
heap
|
page read and write
|
||
|
76D2000
|
heap
|
page read and write
|
||
|
E5F000
|
stack
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
72E000
|
stack
|
page read and write
|
||
|
1001F000
|
direct allocation
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
1BBF1902000
|
trusted library allocation
|
page read and write
|
||
|
707F000
|
heap
|
page read and write
|
||
|
4F81000
|
heap
|
page read and write
|
||
|
B8E000
|
stack
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
1BBF1C00000
|
heap
|
page read and write
|
||
|
26699E29000
|
heap
|
page read and write
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
63E000
|
stack
|
page read and write
|
||
|
26699DF0000
|
heap
|
page read and write
|
||
|
6A71000
|
heap
|
page read and write
|
||
|
7EE000
|
stack
|
page read and write
|
||
|
1001A000
|
direct allocation
|
page readonly
|
||
|
5F11000
|
heap
|
page read and write
|
||
|
BBF000
|
stack
|
page read and write
|
||
|
5F07000
|
heap
|
page read and write
|
||
|
26699F40000
|
trusted library allocation
|
page read and write
|
||
|
7314000
|
heap
|
page read and write
|
||
|
1BBF16D0000
|
trusted library allocation
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
34A0000
|
heap
|
page read and write
|
||
|
4FFF000
|
heap
|
page read and write
|
||
|
130E000
|
stack
|
page read and write
|
||
|
4FDC000
|
heap
|
page read and write
|
||
|
1BBF1885000
|
heap
|
page read and write
|
||
|
6FEC000
|
heap
|
page read and write
|
||
|
BCF000
|
stack
|
page read and write
|
||
|
705C000
|
heap
|
page read and write
|
||
|
708B000
|
heap
|
page read and write
|
||
|
72F0000
|
heap
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
82A000
|
heap
|
page read and write
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
76D1000
|
heap
|
page read and write
|
||
|
708B000
|
heap
|
page read and write
|
||
|
47C000
|
stack
|
page read and write
|
||
|
708B000
|
heap
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
7314000
|
heap
|
page read and write
|
||
|
9FA000
|
heap
|
page read and write
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
7314000
|
heap
|
page read and write
|
||
|
6FE8000
|
heap
|
page read and write
|
There are 385 hidden memdumps, click here to show them.