Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
051_qbot.dll.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_419b281e7a1c62a2cfa3b86aa4ad63773747ea5_82810a17_0496185d\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_419b281e7a1c62a2cfa3b86aa4ad63773747ea5_82810a17_0ef5fbfc\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_419b281e7a1c62a2cfa3b86aa4ad63773747ea5_82810a17_16c1fb40\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_f72750b22a9214184114f6be25e810eecaece948_82810a17_1a9e18cb\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1158.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Jun 7 03:13:12 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1187.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Jun 7 03:13:12 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1282.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER12F0.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER12F1.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER131F.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREEAD.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Jun 7 03:13:03 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREEEC.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Jun 7 03:13:03 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF110.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF16D.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF16E.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF1AD.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\3IEQMPPK.htm
|
HTML document, ASCII text, with very long lines (64945)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\t5[1]
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 11 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\051_qbot.dll.dll"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\051_qbot.dll.dll",#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\051_qbot.dll.dll,lcopy_block_row
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\051_qbot.dll.dll",#1
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 652
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 672
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\051_qbot.dll.dll,lcopy_sample_rows
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\051_qbot.dll.dll,ldiv_round_up
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\051_qbot.dll.dll",lcopy_block_row
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\051_qbot.dll.dll",lcopy_sample_rows
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\051_qbot.dll.dll",ldiv_round_up
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\051_qbot.dll.dll",next
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\051_qbot.dll.dll",lround_up
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\051_qbot.dll.dll",lpeg_write_tables
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 652
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 656
|
|
|
|
C:\Windows\SysWOW64\wermgr.exe
|
C:\Windows\SysWOW64\wermgr.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://188.28.19.84/t5
|
188.28.19.84
|
|
|
|
https://s.yimg.com/ss/rapid-3.53.38.js
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/nZoIEBF.tT3Nt3BwqaTcQw--~B/Zmk9c3RyaW07aD0zODY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://s.yimg.com/aaq/vzm/cs_1.4.0.js
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/cgPpkyweHixu2K0SeMV0Uw--~B/Zmk9c3RyaW07aD0xNDA7cT05MDt3PTE0MDthcHB
|
unknown
|
||
|
https://s.yimg.com/cx/pv/perf-vitals_3.1.0.js
|
unknown
|
||
|
https://legal.yahoo.com/us/en/yahoo/privacy/adinfo/index.html
|
unknown
|
||
|
https://s.yimg.com/aaq/spotim/
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/zen0uone64pvOLhjI3iHFw--~B/Zmk9c3RyaW07aD0zODY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/jmA4dNVmZNOKZFQv4w3ZxQ--~B/Zmk9c3RyaW07aD0zODg7cT05NTt3PTcyMDthcHB
|
unknown
|
||
|
https://fp-graviton-home-gateway.media.yahoo.com/
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/GJM0T9nuvPjhGuFxUfcZuA--~B/Zmk9c3RyaW07aD0zODY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://openweb.jac.yahoosandbox.com
|
unknown
|
||
|
https://s.yimg.com/uc/sf/0.1.322/js/safe.min.js
|
unknown
|
||
|
https://yahoo.com/
|
74.6.143.26
|
||
|
https://www.yahoo.com/
|
87.248.100.215
|
||
|
https://www.ad.com/?utm_source=yahoo-home&utm_medium=referral&utm_campaign=ad-feedback"
|
unknown
|
||
|
https://www.yahoo.com/px.gif
|
unknown
|
||
|
https://search.yahoo.com/search?p=
|
unknown
|
||
|
https://5.ras.yahoo.com/adcount%7C2.0%7C5113.1%7C4830424%7C0%7C0%7CAdId=-41;BnId=0;ct=61578007;st=11
|
unknown
|
||
|
https://5.ras.yahoo.com/adcount%7C2.0%7C5113.1%7C4830441%7C0%7C225%7CAdId=11101911;BnId=2;ct=6157800
|
unknown
|
||
|
http://schema.org
|
unknown
|
||
|
http://www.opensource.org/licenses/mit-license.php
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/U1DfOGB5y9ypZCueAYqcQg--~B/Zmk9c3RyaW07aD0yNDY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://legal.yahoo.com/us/en/yahoo/privacy/adinfo/index.html"
|
unknown
|
||
|
https://beap.gemini.yahoo.com/mbclk?bv=1.0.0&es=WN8lf1wGIS9pUgu6_LdRdnqWc2MxbKQuIVqraKPpZ2Fkqh.P
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/P.vUCyhgznB9JdplpfhN5g--~B/Zmk9c3RyaW07aD0xNDA7cT05MDt3PTE0MDthcHB
|
unknown
|
||
|
https://s.yimg.com/aaq/wf/wf-core-1.63.0.js
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/E8bGprFjv9Ud.x2CfVg8yg--~B/Zmk9c3RyaW07aD0yNDY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://sb.scorecardresearch.com/p?c1=2&c2=7241469&c5=2023538075&c7=https%3A%2F%2Fwww.yahoo.com%2F&c
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/VP4Uj0yGwgz5fiidx_YgMQ--~B/Zmk9c3RyaW07aD0xOTg7cT04MDt3PTM4MDthcHB
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/nPWGibR39WaNZnEFkmTQNg--~B/Zmk9c3RyaW07aD0zODY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/mzML.c575CXGYRGc4RAjkw--~B/Zmk9c3RyaW07aD0xNDA7cT05MDt3PTE0MDthcHB
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/aBrN1qBz8Mzvm1aK6NNj2A--~B/Zmk9c3RyaW07aD0xNDA7cT05MDt3PTE0MDthcHB
|
unknown
|
||
|
https://s.yimg.com/nn/lib/metro/g/myy/advertisement_0.0.19.js
|
unknown
|
||
|
https://s.yimg.com/aaq/nel/js/spotIm.custom.SpotIMJAC.modal.9d3270fa67932556c75baaed2c09c955.js
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/VukkCtYgwUsNyskWRMerTw--~B/Zmk9c3RyaW07aD0yNDY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://yep.video.yahoo.com/oath/js/1/oath-player.js?ypv=8.5.43&lang=en-US
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/KSYWdTSFf6cb6I5mKjI6VA--~B/Zmk9c3RyaW07aD0xNDA7cT05MDt3PTE0MDthcHB
|
unknown
|
||
|
https://s.yimg.com/aaq/hc/homepage-pwa-defer-1.1.6.js
|
unknown
|
||
|
https://s.yimg.com/uu/api/res/1.2/arPZdthdJCau7x.13pfhgA--~B/Zmk9c3RyaW07aD0zODY7cT04MDt3PTQ0MDthcHB
|
unknown
|
||
|
https://openweb.jac.yahoosandbox.com/1.5.0/jac.js
|
unknown
|
There are 33 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
new-fp-shed.wg1.b.yahoo.com
|
87.248.100.215
|
||
|
yahoo.com
|
74.6.143.26
|
||
|
www.yahoo.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
38.2.18.164
|
unknown
|
United States
|
|
|
|
2.82.8.80
|
unknown
|
Portugal
|
|
|
|
70.160.67.203
|
unknown
|
United States
|
|
|
|
83.110.223.61
|
unknown
|
United Arab Emirates
|
|
|
|
209.171.160.69
|
unknown
|
Canada
|
|
|
|
84.215.202.8
|
unknown
|
Norway
|
|
|
|
184.182.66.109
|
unknown
|
United States
|
|
|
|
200.84.211.255
|
unknown
|
Venezuela
|
|
|
|
125.99.69.178
|
unknown
|
India
|
|
|
|
174.4.89.3
|
unknown
|
Canada
|
|
|
|
121.121.108.120
|
unknown
|
Malaysia
|
|
|
|
161.142.103.187
|
unknown
|
Malaysia
|
|
|
|
213.64.33.92
|
unknown
|
Sweden
|
|
|
|
114.143.176.236
|
unknown
|
India
|
|
|
|
24.234.220.88
|
unknown
|
United States
|
|
|
|
67.70.120.249
|
unknown
|
Canada
|
|
|
|
73.88.173.113
|
unknown
|
United States
|
|
|
|
72.205.104.134
|
unknown
|
United States
|
|
|
|
117.195.17.148
|
unknown
|
India
|
|
|
|
69.160.121.6
|
unknown
|
Jamaica
|
|
|
|
176.133.4.230
|
unknown
|
France
|
|
|
|
183.87.163.165
|
unknown
|
India
|
|
|
|
184.181.75.148
|
unknown
|
United States
|
|
|
|
70.49.205.198
|
unknown
|
Canada
|
|
|
|
87.221.153.182
|
unknown
|
Spain
|
|
|
|
70.50.1.252
|
unknown
|
Canada
|
|
|
|
85.101.239.116
|
unknown
|
Turkey
|
|
|
|
181.4.225.225
|
unknown
|
Argentina
|
|
|
|
100.4.163.158
|
unknown
|
United States
|
|
|
|
103.141.50.43
|
unknown
|
India
|
|
|
|
70.50.83.216
|
unknown
|
Canada
|
|
|
|
92.1.170.110
|
unknown
|
United Kingdom
|
|
|
|
64.121.161.102
|
unknown
|
United States
|
|
|
|
96.56.197.26
|
unknown
|
United States
|
|
|
|
188.28.19.84
|
unknown
|
United Kingdom
|
|
|
|
125.99.76.102
|
unknown
|
India
|
|
|
|
81.101.185.146
|
unknown
|
United Kingdom
|
|
|
|
116.75.63.183
|
unknown
|
India
|
|
|
|
124.246.122.199
|
unknown
|
Singapore
|
|
|
|
147.147.30.126
|
unknown
|
United Kingdom
|
|
|
|
109.130.247.84
|
unknown
|
Belgium
|
|
|
|
75.109.111.89
|
unknown
|
United States
|
|
|
|
88.126.94.4
|
unknown
|
France
|
|
|
|
124.122.47.148
|
unknown
|
Thailand
|
|
|
|
66.241.183.99
|
unknown
|
United States
|
|
|
|
180.151.19.13
|
unknown
|
India
|
|
|
|
94.204.202.106
|
unknown
|
United Arab Emirates
|
|
|
|
47.205.25.170
|
unknown
|
United States
|
|
|
|
95.45.50.93
|
unknown
|
Ireland
|
|
|
|
103.212.19.254
|
unknown
|
India
|
|
|
|
85.61.165.153
|
unknown
|
Spain
|
|
|
|
91.160.70.68
|
unknown
|
France
|
|
|
|
201.143.215.69
|
unknown
|
Mexico
|
|
|
|
184.63.133.131
|
unknown
|
United States
|
|
|
|
203.109.44.236
|
unknown
|
India
|
|
|
|
90.104.151.37
|
unknown
|
France
|
|
|
|
201.244.108.183
|
unknown
|
Colombia
|
|
|
|
2.49.63.160
|
unknown
|
United Arab Emirates
|
|
|
|
103.42.86.42
|
unknown
|
India
|
|
|
|
80.6.50.34
|
unknown
|
United Kingdom
|
|
|
|
175.156.217.7
|
unknown
|
Singapore
|
|
|
|
103.139.242.6
|
unknown
|
India
|
|
|
|
27.0.48.233
|
unknown
|
India
|
|
|
|
70.28.50.223
|
unknown
|
Canada
|
|
|
|
173.17.45.60
|
unknown
|
United States
|
|
|
|
81.229.117.95
|
unknown
|
Sweden
|
|
|
|
70.64.77.115
|
unknown
|
Canada
|
|
|
|
87.252.106.39
|
unknown
|
Italy
|
|
|
|
79.77.142.22
|
unknown
|
United Kingdom
|
|
|
|
98.163.227.79
|
unknown
|
United States
|
|
|
|
93.187.148.45
|
unknown
|
United Kingdom
|
|
|
|
186.75.95.6
|
unknown
|
Panama
|
|
|
|
50.68.186.195
|
unknown
|
Canada
|
|
|
|
45.62.70.33
|
unknown
|
Canada
|
|
|
|
83.249.198.100
|
unknown
|
Sweden
|
|
|
|
12.172.173.82
|
unknown
|
United States
|
|
|
|
47.199.241.39
|
unknown
|
United States
|
|
|
|
79.168.224.165
|
unknown
|
Portugal
|
|
|
|
199.27.66.213
|
unknown
|
United States
|
|
|
|
200.44.198.47
|
unknown
|
Venezuela
|
|
|
|
176.142.207.63
|
unknown
|
France
|
|
|
|
86.173.2.12
|
unknown
|
United Kingdom
|
|
|
|
45.62.75.250
|
unknown
|
Canada
|
|
|
|
92.154.17.149
|
unknown
|
France
|
|
|
|
90.29.86.138
|
unknown
|
France
|
|
|
|
174.58.146.57
|
unknown
|
United States
|
|
|
|
223.166.13.95
|
unknown
|
China
|
|
|
|
5.192.141.228
|
unknown
|
United Arab Emirates
|
|
|
|
65.95.141.84
|
unknown
|
Canada
|
|
|
|
75.98.154.19
|
unknown
|
United States
|
|
|
|
77.126.99.230
|
unknown
|
Israel
|
|
|
|
103.123.223.133
|
unknown
|
India
|
|
|
|
74.12.147.139
|
unknown
|
Canada
|
|
|
|
92.9.45.20
|
unknown
|
United Kingdom
|
|
|
|
113.11.92.30
|
unknown
|
Bangladesh
|
|
|
|
77.86.98.236
|
unknown
|
United Kingdom
|
|
|
|
103.140.174.20
|
unknown
|
India
|
|
|
|
87.248.100.215
|
new-fp-shed.wg1.b.yahoo.com
|
United Kingdom
|
||
|
192.168.2.1
|
unknown
|
unknown
|
||
|
74.6.143.26
|
yahoo.com
|
United States
|
There are 90 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHivePermissionsCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHiveOwnerCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
001840064172BCE4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
\REGISTRY\A\{8727e9fa-347b-c249-e99f-4c634cc19f19}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProgramId
|
||
|
\REGISTRY\A\{8727e9fa-347b-c249-e99f-4c634cc19f19}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
FileId
|
||
|
\REGISTRY\A\{8727e9fa-347b-c249-e99f-4c634cc19f19}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{8727e9fa-347b-c249-e99f-4c634cc19f19}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LongPathHash
|
||
|
\REGISTRY\A\{8727e9fa-347b-c249-e99f-4c634cc19f19}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Name
|
||
|
\REGISTRY\A\{8727e9fa-347b-c249-e99f-4c634cc19f19}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Publisher
|
||
|
\REGISTRY\A\{8727e9fa-347b-c249-e99f-4c634cc19f19}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Version
|
||
|
\REGISTRY\A\{8727e9fa-347b-c249-e99f-4c634cc19f19}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinFileVersion
|
||
|
\REGISTRY\A\{8727e9fa-347b-c249-e99f-4c634cc19f19}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinaryType
|
||
|
\REGISTRY\A\{8727e9fa-347b-c249-e99f-4c634cc19f19}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductName
|
||
|
\REGISTRY\A\{8727e9fa-347b-c249-e99f-4c634cc19f19}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductVersion
|
||
|
\REGISTRY\A\{8727e9fa-347b-c249-e99f-4c634cc19f19}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LinkDate
|
||
|
\REGISTRY\A\{8727e9fa-347b-c249-e99f-4c634cc19f19}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinProductVersion
|
||
|
\REGISTRY\A\{8727e9fa-347b-c249-e99f-4c634cc19f19}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Size
|
||
|
\REGISTRY\A\{8727e9fa-347b-c249-e99f-4c634cc19f19}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Language
|
||
|
\REGISTRY\A\{8727e9fa-347b-c249-e99f-4c634cc19f19}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsPeFile
|
||
|
\REGISTRY\A\{8727e9fa-347b-c249-e99f-4c634cc19f19}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsOsComponent
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
001840064172BCE4
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ylqytaq
|
ae689092
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ylqytaq
|
9bf740dc
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ylqytaq
|
99b660a0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ylqytaq
|
210a07c5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ylqytaq
|
5c02484f
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ylqytaq
|
e4be2f2a
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ylqytaq
|
234b27b9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ylqytaq
|
d121ff64
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ylqytaq
|
ae689092
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ylqytaq
|
ae689092
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ylqytaq
|
ae689092
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ylqytaq
|
ae689092
|
There are 33 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
F4A000
|
heap
|
page read and write
|
|
|
|
4AC0000
|
heap
|
page read and write
|
|
|
|
104C000
|
stack
|
page read and write
|
||
|
5AFC000
|
heap
|
page read and write
|
||
|
58A0000
|
trusted library allocation
|
page read and write
|
||
|
6A44000
|
heap
|
page read and write
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
C3B000
|
stack
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
5B9B000
|
heap
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
1EF6FE7B000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
3154000
|
heap
|
page read and write
|
||
|
1EF70113000
|
heap
|
page read and write
|
||
|
6A20000
|
heap
|
page read and write
|
||
|
59E1000
|
heap
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
76C7000
|
heap
|
page read and write
|
||
|
6A44000
|
heap
|
page read and write
|
||
|
1EF70000000
|
heap
|
page read and write
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
5B6D000
|
heap
|
page read and write
|
||
|
1EF6FF00000
|
trusted library allocation
|
page read and write
|
||
|
E34000
|
heap
|
page read and write
|
||
|
6A44000
|
heap
|
page read and write
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
A40000
|
heap
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
4B20000
|
heap
|
page read and write
|
||
|
DDF000
|
stack
|
page read and write
|
||
|
108B000
|
stack
|
page read and write
|
||
|
6A20000
|
heap
|
page read and write
|
||
|
5FB000
|
stack
|
page read and write
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
F0F000
|
stack
|
page read and write
|
||
|
E60000
|
direct allocation
|
page execute read
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
930000
|
heap
|
page read and write
|
||
|
343A000
|
heap
|
page read and write
|
||
|
6EC1000
|
heap
|
page read and write
|
||
|
4ABA000
|
heap
|
page read and write
|
||
|
1EF6FE7B000
|
heap
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
9FF000
|
stack
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
5CC4000
|
heap
|
page read and write
|
||
|
4B61000
|
heap
|
page read and write
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
105E000
|
stack
|
page read and write
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
5B6D000
|
heap
|
page read and write
|
||
|
10001000
|
direct allocation
|
page execute read
|
||
|
5B6D000
|
heap
|
page read and write
|
||
|
1EF6FE00000
|
unkown
|
page read and write
|
||
|
6CB000
|
stack
|
page read and write
|
||
|
6A20000
|
heap
|
page read and write
|
||
|
5AF8000
|
heap
|
page read and write
|
||
|
6A20000
|
heap
|
page read and write
|
||
|
ABA000
|
heap
|
page read and write
|
||
|
1EF6FEBC000
|
heap
|
page read and write
|
||
|
6A44000
|
heap
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
4FA0000
|
heap
|
page read and write
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
6EC4000
|
heap
|
page read and write
|
||
|
1EF6FF23000
|
heap
|
page read and write
|
||
|
1EF70002000
|
heap
|
page read and write
|
||
|
E34000
|
heap
|
page read and write
|
||
|
5B6D000
|
heap
|
page read and write
|
||
|
CB7000
|
heap
|
page read and write
|
||
|
5B6D000
|
heap
|
page read and write
|
||
|
5B9D000
|
heap
|
page read and write
|
||
|
5B8F000
|
heap
|
page read and write
|
||
|
FEC000
|
stack
|
page read and write
|
||
|
B9C000
|
stack
|
page read and write
|
||
|
1EF6FBD0000
|
trusted library allocation
|
page read and write
|
||
|
36A0000
|
heap
|
page read and write
|
||
|
354F000
|
stack
|
page read and write
|
||
|
CB7000
|
heap
|
page read and write
|
||
|
5B6C000
|
heap
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
1EF70113000
|
heap
|
page read and write
|
||
|
1EF6FC30000
|
heap
|
page read and write
|
||
|
4ABA000
|
heap
|
page read and write
|
||
|
5AEC000
|
heap
|
page read and write
|
||
|
58A0000
|
trusted library allocation
|
page read and write
|
||
|
6A44000
|
heap
|
page read and write
|
||
|
5B9D000
|
heap
|
page read and write
|
||
|
9BA000
|
heap
|
page read and write
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
5B8F000
|
heap
|
page read and write
|
||
|
E34000
|
heap
|
page read and write
|
||
|
5AEC000
|
heap
|
page read and write
|
||
|
5B8F000
|
heap
|
page read and write
|
||
|
D9E000
|
stack
|
page read and write
|
||
|
5AF8000
|
heap
|
page read and write
|
||
|
E70000
|
trusted library allocation
|
page read and write
|
||
|
59E1000
|
heap
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
A4A000
|
heap
|
page read and write
|
||
|
5B9B000
|
heap
|
page read and write
|
||
|
4A31000
|
heap
|
page read and write
|
||
|
1FC000
|
stack
|
page read and write
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
4B61000
|
heap
|
page read and write
|
||
|
CB7000
|
heap
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
5AFC000
|
heap
|
page read and write
|
||
|
58A0000
|
trusted library allocation
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
5B8F000
|
heap
|
page read and write
|
||
|
7BCF000
|
heap
|
page read and write
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
5B9B000
|
heap
|
page read and write
|
||
|
1EF6FE7C000
|
heap
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
E34000
|
heap
|
page read and write
|
||
|
5B9D000
|
heap
|
page read and write
|
||
|
5B6D000
|
heap
|
page read and write
|
||
|
5B9D000
|
heap
|
page read and write
|
||
|
5B9D000
|
heap
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
5B9D000
|
heap
|
page read and write
|
||
|
63A0000
|
heap
|
page read and write
|
||
|
360A000
|
heap
|
page read and write
|
||
|
5C8C000
|
heap
|
page read and write
|
||
|
1EF6FEBC000
|
heap
|
page read and write
|
||
|
646A000
|
heap
|
page read and write
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
5B8F000
|
heap
|
page read and write
|
||
|
10022000
|
direct allocation
|
page readonly
|
||
|
5B8F000
|
heap
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
57C7979000
|
stack
|
page read and write
|
||
|
5EC000
|
stack
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
6A44000
|
heap
|
page read and write
|
||
|
5AEC000
|
heap
|
page read and write
|
||
|
3540000
|
heap
|
page read and write
|
||
|
4A90000
|
heap
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
83CE000
|
heap
|
page read and write
|
||
|
108B000
|
stack
|
page read and write
|
||
|
73C5000
|
heap
|
page read and write
|
||
|
59E1000
|
heap
|
page read and write
|
||
|
1EF70102000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
5B9B000
|
heap
|
page read and write
|
||
|
4A61000
|
heap
|
page read and write
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
D2B000
|
heap
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
3820000
|
heap
|
page read and write
|
||
|
5AFC000
|
heap
|
page read and write
|
||
|
1EF6FE29000
|
heap
|
page read and write
|
||
|
43B000
|
stack
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
5170000
|
heap
|
page read and write
|
||
|
58A0000
|
trusted library allocation
|
page read and write
|
||
|
57C75F9000
|
stack
|
page read and write
|
||
|
59E1000
|
heap
|
page read and write
|
||
|
7BDD000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
1001F000
|
direct allocation
|
page read and write
|
||
|
5AFC000
|
heap
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
5B9B000
|
heap
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
5AF8000
|
heap
|
page read and write
|
||
|
1EF6FF15000
|
trusted library allocation
|
page read and write
|
||
|
E7A000
|
heap
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
960000
|
heap
|
page read and write
|
||
|
4A7C000
|
heap
|
page read and write
|
||
|
66F000
|
stack
|
page read and write
|
||
|
58A0000
|
trusted library allocation
|
page read and write
|
||
|
3560000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
E34000
|
heap
|
page read and write
|
||
|
AFC000
|
stack
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
B30000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
5AFC000
|
heap
|
page read and write
|
||
|
5B9D000
|
heap
|
page read and write
|
||
|
4A54000
|
heap
|
page read and write
|
||
|
5B8F000
|
heap
|
page read and write
|
||
|
58A0000
|
trusted library allocation
|
page read and write
|
||
|
6A44000
|
heap
|
page read and write
|
||
|
5BC000
|
stack
|
page read and write
|
||
|
3660000
|
heap
|
page read and write
|
||
|
1EF6FBC0000
|
heap
|
page read and write
|
||
|
4ABA000
|
heap
|
page read and write
|
||
|
5AF8000
|
heap
|
page read and write
|
||
|
59E1000
|
heap
|
page read and write
|
||
|
CB7000
|
heap
|
page read and write
|
||
|
E0F000
|
stack
|
page read and write
|
||
|
59E1000
|
heap
|
page read and write
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
5AFC000
|
heap
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
D2E000
|
stack
|
page read and write
|
||
|
4B3F000
|
heap
|
page read and write
|
||
|
6A20000
|
heap
|
page read and write
|
||
|
1EF6FF02000
|
trusted library allocation
|
page read and write
|
||
|
64F1000
|
heap
|
page read and write
|
||
|
111E000
|
stack
|
page read and write
|
||
|
31DF000
|
stack
|
page read and write
|
||
|
3430000
|
heap
|
page read and write
|
||
|
5AEC000
|
heap
|
page read and write
|
||
|
9EE000
|
stack
|
page read and write
|
||
|
1EF70100000
|
heap
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
E70000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
5B6D000
|
heap
|
page read and write
|
||
|
DCE000
|
stack
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
5B6D000
|
heap
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
4AE3000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
5AFC000
|
heap
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
9BE000
|
stack
|
page read and write
|
||
|
F7F000
|
stack
|
page read and write
|
||
|
E34000
|
heap
|
page read and write
|
||
|
5B9B000
|
heap
|
page read and write
|
||
|
602F000
|
heap
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
6027000
|
heap
|
page read and write
|
||
|
BDB000
|
stack
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
76C6000
|
heap
|
page read and write
|
||
|
5B9D000
|
heap
|
page read and write
|
||
|
73CC000
|
heap
|
page read and write
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
5B9B000
|
heap
|
page read and write
|
||
|
5AEC000
|
heap
|
page read and write
|
||
|
5AEC000
|
heap
|
page read and write
|
||
|
5FEE000
|
heap
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
5B9D000
|
heap
|
page read and write
|
||
|
4A8C000
|
heap
|
page read and write
|
||
|
5AF8000
|
heap
|
page read and write
|
||
|
4B3F000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
6A20000
|
heap
|
page read and write
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
D30000
|
heap
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
58A0000
|
trusted library allocation
|
page read and write
|
||
|
83B000
|
stack
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
332A000
|
heap
|
page read and write
|
||
|
5B9B000
|
heap
|
page read and write
|
||
|
4AAF000
|
heap
|
page read and write
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
4ABA000
|
heap
|
page read and write
|
||
|
5AF8000
|
heap
|
page read and write
|
||
|
CB7000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
7EF000
|
stack
|
page read and write
|
||
|
1EF70013000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
1001A000
|
direct allocation
|
page readonly
|
||
|
6A44000
|
heap
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
7AE000
|
stack
|
page read and write
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
350E000
|
stack
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
58A0000
|
trusted library allocation
|
page read and write
|
||
|
5AEC000
|
heap
|
page read and write
|
||
|
5AF8000
|
heap
|
page read and write
|
||
|
4AAF000
|
heap
|
page read and write
|
||
|
6DA000
|
heap
|
page read and write
|
||
|
318F000
|
stack
|
page read and write
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
620000
|
heap
|
page read and write
|
||
|
D1B000
|
heap
|
page read and write
|
||
|
CB7000
|
heap
|
page read and write
|
||
|
31CF000
|
stack
|
page read and write
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
318E000
|
stack
|
page read and write
|
||
|
9DB000
|
stack
|
page read and write
|
||
|
FEF000
|
stack
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
4A60000
|
heap
|
page read and write
|
||
|
1EF70102000
|
heap
|
page read and write
|
||
|
1EF6FEBC000
|
heap
|
page read and write
|
||
|
4ABA000
|
heap
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
5AF8000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
6A20000
|
heap
|
page read and write
|
||
|
5AFC000
|
heap
|
page read and write
|
||
|
318E000
|
stack
|
page read and write
|
||
|
10BF000
|
stack
|
page read and write
|
||
|
6A20000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
6A44000
|
heap
|
page read and write
|
||
|
76CE000
|
heap
|
page read and write
|
||
|
57C71DD000
|
stack
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
5AF8000
|
heap
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
1EF6FE3C000
|
heap
|
page read and write
|
||
|
58A0000
|
trusted library allocation
|
page read and write
|
||
|
58A0000
|
trusted library allocation
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
3600000
|
heap
|
page read and write
|
||
|
5AFC000
|
heap
|
page read and write
|
||
|
4ABA000
|
heap
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
1EF6FE7C000
|
heap
|
page read and write
|
||
|
68C000
|
stack
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
4ABA000
|
heap
|
page read and write
|
||
|
4A88000
|
heap
|
page read and write
|
||
|
356A000
|
heap
|
page read and write
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
E34000
|
heap
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
E34000
|
heap
|
page read and write
|
||
|
5B8F000
|
heap
|
page read and write
|
||
|
5B9B000
|
heap
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
6A20000
|
heap
|
page read and write
|
||
|
5EA7000
|
heap
|
page read and write
|
||
|
1EF6FE3C000
|
heap
|
page read and write
|
||
|
F8E000
|
stack
|
page read and write
|
||
|
5EE000
|
stack
|
page read and write
|
||
|
104C000
|
stack
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
4ABA000
|
heap
|
page read and write
|
||
|
3800000
|
heap
|
page read and write
|
||
|
1EF70115000
|
heap
|
page read and write
|
||
|
4ABA000
|
heap
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
5AEC000
|
heap
|
page read and write
|
||
|
4B60000
|
heap
|
page read and write
|
||
|
98C000
|
stack
|
page read and write
|
||
|
58A0000
|
trusted library allocation
|
page read and write
|
||
|
5AEC000
|
heap
|
page read and write
|
||
|
A2E000
|
stack
|
page read and write
|
||
|
102B000
|
stack
|
page read and write
|
||
|
5B6D000
|
heap
|
page read and write
|
||
|
72D000
|
stack
|
page read and write
|
||
|
1EF6FE13000
|
unkown
|
page read and write
|
||
|
4ABA000
|
heap
|
page read and write
|
||
|
9CB000
|
stack
|
page read and write
|
||
|
63BC000
|
heap
|
page read and write
|
||
|
6ECC000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
5B8F000
|
heap
|
page read and write
|
||
|
1EF70102000
|
heap
|
page read and write
|
There are 364 hidden memdumps, click here to show them.