Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
042_qbot.dll.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_419b281e7a1c62a2cfa3b86aa4ad63773747ea5_82810a17_16e4a039\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_7cd6569328c9cf945daabde1681ed6f3f4988cde_82810a17_1078a375\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_7cd6569328c9cf945daabde1681ed6f3f4988cde_82810a17_16fca039\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_f72750b22a9214184114f6be25e810eecaece948_82810a17_1beca365\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER78EA.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Jun 7 08:04:39 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7959.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Jun 7 08:04:39 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7A82.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7AE0.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7B0F.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7B4F.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9A7C.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Jun 7 08:04:47 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9A8C.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Jun 7 08:04:47 2023, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9C33.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9C52.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9CC0.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9CD0.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\1X93SLWC.htm
|
HTML document, Unicode text, UTF-8 text, with very long lines (540)
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 10 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\042_qbot.dll.dll"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\042_qbot.dll.dll",#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\042_qbot.dll.dll,lcopy_block_row
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\042_qbot.dll.dll",#1
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 664
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 652
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\042_qbot.dll.dll,lcopy_sample_rows
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\042_qbot.dll.dll,ldiv_round_up
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\042_qbot.dll.dll",lcopy_block_row
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\042_qbot.dll.dll",lcopy_sample_rows
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\042_qbot.dll.dll",ldiv_round_up
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\042_qbot.dll.dll",next
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\042_qbot.dll.dll",lround_up
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\042_qbot.dll.dll",lpeg_write_tables
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 652
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 660
|
|
|
|
C:\Windows\SysWOW64\wermgr.exe
|
C:\Windows\SysWOW64\wermgr.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.linkedin.com/talent/post-a-job?trk=homepage-basic_talent-finder-cta
|
unknown
|
||
|
https://sg.linkedin.com/
|
unknown
|
||
|
https://nz.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/jobs/quality-assurance-jobs-h
|
unknown
|
||
|
https://www.linkedin.com/pulse/topics/marketing-s2461/
|
unknown
|
||
|
https://bo.linkedin.com/
|
unknown
|
||
|
https://cn.linkedin.com/
|
unknown
|
||
|
https://kr.linkedin.com/
|
unknown
|
||
|
https://sv.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/signup?trk=guest_homepage-basic_directory
|
unknown
|
||
|
https://www.linkedin.com/legal/copyright-policy?trk=homepage-basic_footer-copyright-policy
|
unknown
|
||
|
https://static.licdn.com/aero-v1/sc/h/e12h2cd8ac580qen9qdd0qks8
|
unknown
|
||
|
https://about.linkedin.com/?trk=homepage-basic_directory_aboutUrl
|
unknown
|
||
|
https://www.linkedin.com/jobs/search?trk=guest_homepage-basic_guest_nav_menu_jobs
|
unknown
|
||
|
https://ec.linkedin.com/
|
unknown
|
||
|
https://about.linkedin.com?trk=homepage-basic_footer-about
|
unknown
|
||
|
https://ie.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/business-software-and-tools?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://ae.linkedin.com/
|
unknown
|
||
|
https://uk.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/salary/?trk=homepage-basic_directory_salaryHomeUrl
|
unknown
|
||
|
https://developer.linkedin.com/?trk=homepage-basic_directory_developerMicrositeUrl
|
unknown
|
||
|
https://www.linkedin.com/directory/posts?trk=homepage-basic_directory_postsDirectoryUrl
|
unknown
|
||
|
https://www.linkedin.com/jobs/operations-jobs-h
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/artificial-intelligence?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://www.linkedin.com/pulse/topics/healthcare-s282/
|
unknown
|
||
|
https://in.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/directory/featured?trk=homepage-basic_directory_featuredDirectoryUrl
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/audio-and-music?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/training-and-education?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://hk.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/visualization-and-real-time?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://at.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/pulse/topics/construction-management-s831/
|
unknown
|
||
|
https://www.linkedin.com/jobs/education-jobs-h
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/project-management?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://www.linkedin.com/directory/articles?trk=homepage-basic_directory_articlesDirectoryUrl
|
unknown
|
||
|
https://www.linkedin.com/pulse/topics/public-administration-s3697/
|
unknown
|
||
|
https://za.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/directory/services?trk=homepage-basic_directory_servicesDirectoryUrl
|
unknown
|
||
|
https://jm.linkedin.com/
|
unknown
|
||
|
https://no.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/directory/learning?trk=homepage-basic_directory_learningDirectoryUrl
|
unknown
|
||
|
https://www.linkedin.com/jobs/entrepreneurship-jobs-h
|
unknown
|
||
|
https://pe.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/directory/advice?trk=homepage-basic_directory_adviceDirectoryUrl
|
unknown
|
||
|
https://au.linkedin.com/
|
unknown
|
||
|
https://static.licdn.com/aero-v1/sc/h/ddi43qwelxeqjxdd45pe3fvs1
|
unknown
|
||
|
https://www.linkedin.com/jobs/administrative-assistant-jobs-h
|
unknown
|
||
|
https://www.linkedin.com/legal/professional-community-policies?trk=homepage-basic_footer-community-g
|
unknown
|
||
|
https://www.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy
|
unknown
|
||
|
https://www.linkedin.com/signup?trk=guest_homepage-basic_nav-header-join
|
unknown
|
||
|
https://www.linkedin.com/signup?trk=homepage-basic_join-cta
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/sales-3?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://www.linkedin.com/legal/cookie-policy
|
unknown
|
||
|
https://static.licdn.com/aero-v1/sc/h/51t74mlo1ty7vakn3a80a9jcp
|
unknown
|
||
|
https://static.licdn.com/aero-v1/sc/h/8fkga714vy9b2wk5auqo5reeb
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/data-science?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://cr.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/mobile-development?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://gt.linkedin.com/
|
unknown
|
||
|
https://ph.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/leadership-and-management?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/network-and-system-administration?trk=homepage-basic_learni
|
unknown
|
||
|
https://www.linkedin.com/learning/search?trk=guest_homepage-basic_guest_nav_menu_learning
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/customer-service-3?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://www.linkedin.com/jobs/jobs-in-h
|
unknown
|
||
|
https://fr.linkedin.com/
|
unknown
|
||
|
https://mobile.linkedin.com/?trk=homepage-basic_directory_mobileMicrositeUrl
|
unknown
|
||
|
https://www.linkedin.com/jobs/purchasing-jobs-h
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/security-3?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://www.linkedin.com/learning/search?trk=homepage-basic_brand-discovery_intent-module-thirdBtn
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/it-help-desk-5?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://www.linkedin.com/jobs/arts-and-design-jobs-h
|
unknown
|
||
|
https://www.linkedin.com/directory/products?trk=homepage-basic_directory_productsDirectoryUrl
|
unknown
|
||
|
https://business.linkedin.com/talent-solutions?src=li-footer&utm_source=linkedin&utm_medium=
|
unknown
|
||
|
https://www.linkedin.com/directory/news?trk=homepage-basic_directory_newsDirectoryUrl
|
unknown
|
||
|
https://zw.linkedin.com/
|
unknown
|
||
|
https://co.linkedin.com/
|
unknown
|
||
|
https://ru.linkedin.com/
|
unknown
|
||
|
https://ca.linkedin.com/
|
unknown
|
||
|
https://ke.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/career-development-5?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://www.linkedin.com/mypreferences/g/guest-cookies
|
unknown
|
||
|
https://www.linkedin.com/products?trk=homepage-basic_directory_productsHomeUrl
|
unknown
|
||
|
https://static.licdn.com/aero-v1/sc/h/7kb6sn3tm4cx918cx9a5jlb0
|
unknown
|
||
|
https://static.licdn.com/aero-v1/sc/h/8wykgzgbqy0t3fnkgborvz54u
|
unknown
|
||
|
https://static.licdn.com/aero-v1/sc/h/9r7bzghkywart99je65bjx5yl
|
unknown
|
||
|
https://de.linkedin.com/
|
unknown
|
||
|
https://static.licdn.com/aero-v1/sc/h/2r8kd5zqpi905lkzsshdlvvn5
|
unknown
|
||
|
https://www.linkedin.com/jobs/retail-associate-jobs-h
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/product-and-manufacturing?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://www.linkedin.com/psettings/guest-controls?trk=homepage-basic_footer-guest-controls
|
unknown
|
||
|
https://business.linkedin.com/marketing-solutions?src=li-footer&utm_source=linkedin&utm_medi
|
unknown
|
||
|
https://static.licdn.com/aero-v1/sc/h/5anw0ar72zvn8xrzj6wvz3jl6
|
unknown
|
||
|
https://www.linkedin.com/help/linkedin?lang=en&trk=homepage-basic_directory_helpCenterUrl
|
unknown
|
||
|
https://pk.linkedin.com/
|
unknown
|
||
|
https://jp.linkedin.com/
|
unknown
|
||
|
https://www.linkedin.com/learning/topics/human-resources-3?trk=homepage-basic_learning-cta
|
unknown
|
||
|
https://static.licdn.com/aero-v1/sc/h/al2o9zrvru7aqj8e1x2rzsrca
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
linkedin.com
|
13.107.42.14
|
||
|
www.linkedin.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
38.2.18.164
|
unknown
|
United States
|
|
|
|
2.82.8.80
|
unknown
|
Portugal
|
|
|
|
70.160.67.203
|
unknown
|
United States
|
|
|
|
83.110.223.61
|
unknown
|
United Arab Emirates
|
|
|
|
209.171.160.69
|
unknown
|
Canada
|
|
|
|
84.215.202.8
|
unknown
|
Norway
|
|
|
|
184.182.66.109
|
unknown
|
United States
|
|
|
|
200.84.211.255
|
unknown
|
Venezuela
|
|
|
|
125.99.69.178
|
unknown
|
India
|
|
|
|
174.4.89.3
|
unknown
|
Canada
|
|
|
|
121.121.108.120
|
unknown
|
Malaysia
|
|
|
|
161.142.103.187
|
unknown
|
Malaysia
|
|
|
|
213.64.33.92
|
unknown
|
Sweden
|
|
|
|
114.143.176.236
|
unknown
|
India
|
|
|
|
24.234.220.88
|
unknown
|
United States
|
|
|
|
67.70.120.249
|
unknown
|
Canada
|
|
|
|
73.88.173.113
|
unknown
|
United States
|
|
|
|
72.205.104.134
|
unknown
|
United States
|
|
|
|
117.195.17.148
|
unknown
|
India
|
|
|
|
69.160.121.6
|
unknown
|
Jamaica
|
|
|
|
176.133.4.230
|
unknown
|
France
|
|
|
|
183.87.163.165
|
unknown
|
India
|
|
|
|
184.181.75.148
|
unknown
|
United States
|
|
|
|
70.49.205.198
|
unknown
|
Canada
|
|
|
|
87.221.153.182
|
unknown
|
Spain
|
|
|
|
70.50.1.252
|
unknown
|
Canada
|
|
|
|
85.101.239.116
|
unknown
|
Turkey
|
|
|
|
181.4.225.225
|
unknown
|
Argentina
|
|
|
|
100.4.163.158
|
unknown
|
United States
|
|
|
|
103.141.50.43
|
unknown
|
India
|
|
|
|
70.50.83.216
|
unknown
|
Canada
|
|
|
|
92.1.170.110
|
unknown
|
United Kingdom
|
|
|
|
64.121.161.102
|
unknown
|
United States
|
|
|
|
96.56.197.26
|
unknown
|
United States
|
|
|
|
188.28.19.84
|
unknown
|
United Kingdom
|
|
|
|
125.99.76.102
|
unknown
|
India
|
|
|
|
81.101.185.146
|
unknown
|
United Kingdom
|
|
|
|
116.75.63.183
|
unknown
|
India
|
|
|
|
124.246.122.199
|
unknown
|
Singapore
|
|
|
|
147.147.30.126
|
unknown
|
United Kingdom
|
|
|
|
109.130.247.84
|
unknown
|
Belgium
|
|
|
|
75.109.111.89
|
unknown
|
United States
|
|
|
|
88.126.94.4
|
unknown
|
France
|
|
|
|
124.122.47.148
|
unknown
|
Thailand
|
|
|
|
66.241.183.99
|
unknown
|
United States
|
|
|
|
180.151.19.13
|
unknown
|
India
|
|
|
|
94.204.202.106
|
unknown
|
United Arab Emirates
|
|
|
|
47.205.25.170
|
unknown
|
United States
|
|
|
|
95.45.50.93
|
unknown
|
Ireland
|
|
|
|
103.212.19.254
|
unknown
|
India
|
|
|
|
85.61.165.153
|
unknown
|
Spain
|
|
|
|
91.160.70.68
|
unknown
|
France
|
|
|
|
201.143.215.69
|
unknown
|
Mexico
|
|
|
|
184.63.133.131
|
unknown
|
United States
|
|
|
|
203.109.44.236
|
unknown
|
India
|
|
|
|
90.104.151.37
|
unknown
|
France
|
|
|
|
201.244.108.183
|
unknown
|
Colombia
|
|
|
|
2.49.63.160
|
unknown
|
United Arab Emirates
|
|
|
|
103.42.86.42
|
unknown
|
India
|
|
|
|
80.6.50.34
|
unknown
|
United Kingdom
|
|
|
|
175.156.217.7
|
unknown
|
Singapore
|
|
|
|
103.139.242.6
|
unknown
|
India
|
|
|
|
27.0.48.233
|
unknown
|
India
|
|
|
|
70.28.50.223
|
unknown
|
Canada
|
|
|
|
173.17.45.60
|
unknown
|
United States
|
|
|
|
81.229.117.95
|
unknown
|
Sweden
|
|
|
|
70.64.77.115
|
unknown
|
Canada
|
|
|
|
87.252.106.39
|
unknown
|
Italy
|
|
|
|
79.77.142.22
|
unknown
|
United Kingdom
|
|
|
|
98.163.227.79
|
unknown
|
United States
|
|
|
|
93.187.148.45
|
unknown
|
United Kingdom
|
|
|
|
186.75.95.6
|
unknown
|
Panama
|
|
|
|
50.68.186.195
|
unknown
|
Canada
|
|
|
|
45.62.70.33
|
unknown
|
Canada
|
|
|
|
83.249.198.100
|
unknown
|
Sweden
|
|
|
|
12.172.173.82
|
unknown
|
United States
|
|
|
|
47.199.241.39
|
unknown
|
United States
|
|
|
|
79.168.224.165
|
unknown
|
Portugal
|
|
|
|
199.27.66.213
|
unknown
|
United States
|
|
|
|
200.44.198.47
|
unknown
|
Venezuela
|
|
|
|
176.142.207.63
|
unknown
|
France
|
|
|
|
86.173.2.12
|
unknown
|
United Kingdom
|
|
|
|
45.62.75.250
|
unknown
|
Canada
|
|
|
|
92.154.17.149
|
unknown
|
France
|
|
|
|
90.29.86.138
|
unknown
|
France
|
|
|
|
174.58.146.57
|
unknown
|
United States
|
|
|
|
223.166.13.95
|
unknown
|
China
|
|
|
|
5.192.141.228
|
unknown
|
United Arab Emirates
|
|
|
|
65.95.141.84
|
unknown
|
Canada
|
|
|
|
75.98.154.19
|
unknown
|
United States
|
|
|
|
77.126.99.230
|
unknown
|
Israel
|
|
|
|
103.123.223.133
|
unknown
|
India
|
|
|
|
74.12.147.139
|
unknown
|
Canada
|
|
|
|
92.9.45.20
|
unknown
|
United Kingdom
|
|
|
|
113.11.92.30
|
unknown
|
Bangladesh
|
|
|
|
77.86.98.236
|
unknown
|
United Kingdom
|
|
|
|
103.140.174.20
|
unknown
|
India
|
|
|
|
78.192.109.105
|
unknown
|
France
|
|
|
|
78.82.143.154
|
unknown
|
Sweden
|
|
|
|
192.168.2.1
|
unknown
|
unknown
|
There are 90 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{25c4ee59-84f2-f71e-e7f5-7b3187cd1791}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProgramId
|
||
|
\REGISTRY\A\{25c4ee59-84f2-f71e-e7f5-7b3187cd1791}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
FileId
|
||
|
\REGISTRY\A\{25c4ee59-84f2-f71e-e7f5-7b3187cd1791}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{25c4ee59-84f2-f71e-e7f5-7b3187cd1791}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LongPathHash
|
||
|
\REGISTRY\A\{25c4ee59-84f2-f71e-e7f5-7b3187cd1791}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Name
|
||
|
\REGISTRY\A\{25c4ee59-84f2-f71e-e7f5-7b3187cd1791}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Publisher
|
||
|
\REGISTRY\A\{25c4ee59-84f2-f71e-e7f5-7b3187cd1791}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Version
|
||
|
\REGISTRY\A\{25c4ee59-84f2-f71e-e7f5-7b3187cd1791}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinFileVersion
|
||
|
\REGISTRY\A\{25c4ee59-84f2-f71e-e7f5-7b3187cd1791}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinaryType
|
||
|
\REGISTRY\A\{25c4ee59-84f2-f71e-e7f5-7b3187cd1791}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductName
|
||
|
\REGISTRY\A\{25c4ee59-84f2-f71e-e7f5-7b3187cd1791}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
ProductVersion
|
||
|
\REGISTRY\A\{25c4ee59-84f2-f71e-e7f5-7b3187cd1791}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
LinkDate
|
||
|
\REGISTRY\A\{25c4ee59-84f2-f71e-e7f5-7b3187cd1791}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
BinProductVersion
|
||
|
\REGISTRY\A\{25c4ee59-84f2-f71e-e7f5-7b3187cd1791}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Size
|
||
|
\REGISTRY\A\{25c4ee59-84f2-f71e-e7f5-7b3187cd1791}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
Language
|
||
|
\REGISTRY\A\{25c4ee59-84f2-f71e-e7f5-7b3187cd1791}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsPeFile
|
||
|
\REGISTRY\A\{25c4ee59-84f2-f71e-e7f5-7b3187cd1791}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a
|
IsOsComponent
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018800A6D698114
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHivePermissionsCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHiveOwnerCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018800A6D698114
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ilfdspujwoqgur
|
4a620a8a
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ilfdspujwoqgur
|
7ffddac4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ilfdspujwoqgur
|
7dbcfab8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ilfdspujwoqgur
|
c5009ddd
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ilfdspujwoqgur
|
b808d257
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ilfdspujwoqgur
|
b4b532
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ilfdspujwoqgur
|
c741bda1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ilfdspujwoqgur
|
352b657c
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ilfdspujwoqgur
|
4a620a8a
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ilfdspujwoqgur
|
4a620a8a
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ilfdspujwoqgur
|
4a620a8a
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Ilfdspujwoqgur
|
4a620a8a
|
There are 33 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
45F0000
|
heap
|
page read and write
|
|
|
|
296A000
|
heap
|
page read and write
|
|
|
|
5FE2000
|
heap
|
page read and write
|
||
|
259C000
|
stack
|
page read and write
|
||
|
466F000
|
heap
|
page read and write
|
||
|
305C000
|
stack
|
page read and write
|
||
|
2EFA000
|
heap
|
page read and write
|
||
|
4A1A000
|
heap
|
page read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
4A1A000
|
heap
|
page read and write
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
2740000
|
heap
|
page read and write
|
||
|
6124000
|
heap
|
page read and write
|
||
|
102B000
|
heap
|
page read and write
|
||
|
3380000
|
heap
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
2840000
|
heap
|
page read and write
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
10000000
|
direct allocation
|
page read and write
|
||
|
21C0A84B000
|
heap
|
page read and write
|
||
|
4300000
|
heap
|
page read and write
|
||
|
B3C000
|
stack
|
page read and write
|
||
|
270F000
|
stack
|
page read and write
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
25EC000
|
stack
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
252B000
|
stack
|
page read and write
|
||
|
294F000
|
stack
|
page read and write
|
||
|
21C0A85D000
|
unkown
|
page read and write
|
||
|
2D30000
|
heap
|
page read and write
|
||
|
21C0A84C000
|
heap
|
page read and write
|
||
|
6BAC000
|
heap
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
6A1C000
|
heap
|
page read and write
|
||
|
7F16000
|
heap
|
page read and write
|
||
|
339E000
|
stack
|
page read and write
|
||
|
4650000
|
heap
|
page read and write
|
||
|
6A8C000
|
heap
|
page read and write
|
||
|
4690000
|
trusted library allocation
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
21C0AA13000
|
heap
|
page read and write
|
||
|
21C0A819000
|
unkown
|
page read and write
|
||
|
28DF000
|
stack
|
page read and write
|
||
|
59E1000
|
heap
|
page read and write
|
||
|
10022000
|
direct allocation
|
page readonly
|
||
|
1001A000
|
direct allocation
|
page readonly
|
||
|
2590000
|
heap
|
page read and write
|
||
|
5B00000
|
heap
|
page read and write
|
||
|
5B24000
|
heap
|
page read and write
|
||
|
28BE000
|
stack
|
page read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
21C0A828000
|
heap
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
283B000
|
stack
|
page read and write
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
6A1C000
|
heap
|
page read and write
|
||
|
23FE000
|
stack
|
page read and write
|
||
|
3680000
|
heap
|
page read and write
|
||
|
231B000
|
stack
|
page read and write
|
||
|
59E1000
|
heap
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
21C0A5D0000
|
heap
|
page read and write
|
||
|
2760000
|
heap
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
2E9F000
|
stack
|
page read and write
|
||
|
59E1000
|
heap
|
page read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
21C0A84C000
|
heap
|
page read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
5B00000
|
heap
|
page read and write
|
||
|
466F000
|
heap
|
page read and write
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
6ABD000
|
heap
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
21C0A89C000
|
unkown
|
page read and write
|
||
|
4500000
|
heap
|
page read and write
|
||
|
58C0000
|
trusted library allocation
|
page read and write
|
||
|
10001000
|
direct allocation
|
page execute read
|
||
|
4A19000
|
heap
|
page read and write
|
||
|
4F1F000
|
stack
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
6A18000
|
heap
|
page read and write
|
||
|
290E000
|
stack
|
page read and write
|
||
|
5B24000
|
heap
|
page read and write
|
||
|
2780000
|
heap
|
page read and write
|
||
|
33EA000
|
heap
|
page read and write
|
||
|
6A1C000
|
heap
|
page read and write
|
||
|
6ABD000
|
heap
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
1036000
|
heap
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
2480000
|
heap
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
21C0A640000
|
heap
|
page read and write
|
||
|
49E8000
|
heap
|
page read and write
|
||
|
7A0B000
|
heap
|
page read and write
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
425F000
|
stack
|
page read and write
|
||
|
6ABD000
|
heap
|
page read and write
|
||
|
21C0A88A000
|
heap
|
page read and write
|
||
|
64AB000
|
heap
|
page read and write
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
7A1B000
|
heap
|
page read and write
|
||
|
58C0000
|
trusted library allocation
|
page read and write
|
||
|
4A0F000
|
heap
|
page read and write
|
||
|
43D3000
|
heap
|
page read and write
|
||
|
29EF000
|
stack
|
page read and write
|
||
|
7A07000
|
heap
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
21C0A89C000
|
unkown
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
42DF000
|
stack
|
page read and write
|
||
|
6A0C000
|
heap
|
page read and write
|
||
|
294F000
|
stack
|
page read and write
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
35CF000
|
stack
|
page read and write
|
||
|
2380000
|
heap
|
page read and write
|
||
|
289E000
|
stack
|
page read and write
|
||
|
254B000
|
stack
|
page read and write
|
||
|
7F15000
|
heap
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
33CA000
|
heap
|
page read and write
|
||
|
21C0AB13000
|
heap
|
page read and write
|
||
|
21C0A88A000
|
heap
|
page read and write
|
||
|
49B4000
|
heap
|
page read and write
|
||
|
21C0A915000
|
trusted library allocation
|
page read and write
|
||
|
4991000
|
heap
|
page read and write
|
||
|
49C1000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
6A18000
|
heap
|
page read and write
|
||
|
49EC000
|
heap
|
page read and write
|
||
|
21C0A84B000
|
heap
|
page read and write
|
||
|
21C0A800000
|
unkown
|
page read and write
|
||
|
2ADA000
|
heap
|
page read and write
|
||
|
2960000
|
heap
|
page read and write
|
||
|
24EC000
|
stack
|
page read and write
|
||
|
5B24000
|
heap
|
page read and write
|
||
|
33DF000
|
stack
|
page read and write
|
||
|
59E1000
|
heap
|
page read and write
|
||
|
44E1000
|
heap
|
page read and write
|
||
|
4A16000
|
heap
|
page read and write
|
||
|
25B0000
|
heap
|
page read and write
|
||
|
43FE000
|
stack
|
page read and write
|
||
|
3310000
|
heap
|
page read and write
|
||
|
49DC000
|
heap
|
page read and write
|
||
|
58C0000
|
trusted library allocation
|
page read and write
|
||
|
21C0A813000
|
unkown
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
4DCE000
|
stack
|
page read and write
|
||
|
21C0A900000
|
trusted library allocation
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
296A000
|
heap
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
6A18000
|
heap
|
page read and write
|
||
|
750C000
|
heap
|
page read and write
|
||
|
2950000
|
heap
|
page read and write
|
||
|
6A1C000
|
heap
|
page read and write
|
||
|
7F1E000
|
heap
|
page read and write
|
||
|
5B00000
|
heap
|
page read and write
|
||
|
5B00000
|
heap
|
page read and write
|
||
|
2C7B000
|
stack
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
21C0A841000
|
heap
|
page read and write
|
||
|
7209000
|
heap
|
page read and write
|
||
|
283F000
|
stack
|
page read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
6ABD000
|
heap
|
page read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
326C000
|
stack
|
page read and write
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
29A9000
|
heap
|
page read and write
|
||
|
B84C579000
|
stack
|
page read and write
|
||
|
B84C11D000
|
stack
|
page read and write
|
||
|
21C0AB02000
|
heap
|
page read and write
|
||
|
58C0000
|
trusted library allocation
|
page read and write
|
||
|
327F000
|
stack
|
page read and write
|
||
|
23CC000
|
stack
|
page read and write
|
||
|
263B000
|
stack
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
21C0A923000
|
heap
|
page read and write
|
||
|
58C0000
|
trusted library allocation
|
page read and write
|
||
|
103A000
|
heap
|
page read and write
|
||
|
59E1000
|
heap
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
250C000
|
stack
|
page read and write
|
||
|
7206000
|
heap
|
page read and write
|
||
|
2960000
|
heap
|
page read and write
|
||
|
6AD81000
|
unkown
|
page execute read
|
||
|
44E1000
|
heap
|
page read and write
|
||
|
21C0AB02000
|
heap
|
page read and write
|
||
|
21C0A902000
|
trusted library allocation
|
page read and write
|
||
|
4A1A000
|
heap
|
page read and write
|
||
|
2270000
|
heap
|
page read and write
|
||
|
21C0A84B000
|
heap
|
page read and write
|
||
|
720B000
|
heap
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
4A1A000
|
heap
|
page read and write
|
||
|
21C0A84B000
|
heap
|
page read and write
|
||
|
309B000
|
stack
|
page read and write
|
||
|
21C0AB16000
|
heap
|
page read and write
|
||
|
24A0000
|
heap
|
page read and write
|
||
|
4E20000
|
heap
|
page read and write
|
||
|
36F0000
|
heap
|
page read and write
|
||
|
290E000
|
stack
|
page read and write
|
||
|
7215000
|
heap
|
page read and write
|
||
|
2930000
|
direct allocation
|
page execute read
|
||
|
4A0F000
|
heap
|
page read and write
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
21C0A839000
|
heap
|
page read and write
|
||
|
64F2000
|
heap
|
page read and write
|
||
|
4A1A000
|
heap
|
page read and write
|
||
|
2ACA000
|
heap
|
page read and write
|
||
|
21C0AB00000
|
heap
|
page read and write
|
||
|
291A000
|
heap
|
page read and write
|
||
|
6ADEA000
|
unkown
|
page readonly
|
||
|
2920000
|
heap
|
page read and write
|
||
|
21C0A5E0000
|
trusted library allocation
|
page read and write
|
||
|
6ABD000
|
heap
|
page read and write
|
||
|
7A02000
|
heap
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
21C0AB13000
|
heap
|
page read and write
|
||
|
1001F000
|
direct allocation
|
page read and write
|
||
|
6D0A000
|
heap
|
page read and write
|
||
|
443F000
|
stack
|
page read and write
|
||
|
49BF000
|
heap
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
6A1C000
|
heap
|
page read and write
|
||
|
6ADC7000
|
unkown
|
page readonly
|
||
|
5B24000
|
heap
|
page read and write
|
||
|
25DB000
|
stack
|
page read and write
|
||
|
771B000
|
heap
|
page read and write
|
||
|
297A000
|
heap
|
page read and write
|
||
|
6A18000
|
heap
|
page read and write
|
||
|
2E5E000
|
stack
|
page read and write
|
||
|
6ADFA000
|
unkown
|
page readonly
|
||
|
F50000
|
heap
|
page read and write
|
||
|
2530000
|
heap
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
32AB000
|
stack
|
page read and write
|
||
|
6A18000
|
heap
|
page read and write
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
21C0AA00000
|
heap
|
page read and write
|
||
|
6ADD7000
|
unkown
|
page readonly
|
||
|
25D0000
|
heap
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
21C0A83F000
|
heap
|
page read and write
|
||
|
6D09000
|
heap
|
page read and write
|
||
|
4613000
|
heap
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
21C0AA02000
|
heap
|
page read and write
|
||
|
4A1A000
|
heap
|
page read and write
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
58B0000
|
trusted library allocation
|
page read and write
|
||
|
47E0000
|
heap
|
page read and write
|
||
|
2C3C000
|
stack
|
page read and write
|
||
|
6BE4000
|
heap
|
page read and write
|
||
|
F0E000
|
stack
|
page read and write
|
||
|
6A0C000
|
heap
|
page read and write
|
||
|
58A0000
|
trusted library allocation
|
page read and write
|
||
|
6ADF3000
|
unkown
|
page readonly
|
||
|
44E0000
|
heap
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
339E000
|
stack
|
page read and write
|
||
|
B84C879000
|
stack
|
page read and write
|
||
|
290E000
|
stack
|
page read and write
|
||
|
2950000
|
heap
|
page read and write
|
||
|
33CA000
|
heap
|
page read and write
|
||
|
2FCB000
|
stack
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
58C0000
|
trusted library allocation
|
page read and write
|
||
|
6ADF7000
|
unkown
|
page readonly
|
||
|
22DC000
|
stack
|
page read and write
|
||
|
21C0AB02000
|
heap
|
page read and write
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
6D01000
|
heap
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
4E0F000
|
stack
|
page read and write
|
||
|
2AC0000
|
heap
|
page read and write
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
2910000
|
heap
|
page read and write
|
||
|
6ABD000
|
heap
|
page read and write
|
||
|
2F8C000
|
stack
|
page read and write
|
||
|
21C0A80F000
|
unkown
|
page read and write
|
||
|
429E000
|
stack
|
page read and write
|
||
|
5B00000
|
heap
|
page read and write
|
||
|
6A0C000
|
heap
|
page read and write
|
||
|
6AD80000
|
unkown
|
page readonly
|
||
|
21C0A84C000
|
unkown
|
page read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
5B24000
|
heap
|
page read and write
|
||
|
6ABD000
|
heap
|
page read and write
|
||
|
6ABD000
|
heap
|
page read and write
|
||
|
2E10000
|
heap
|
page read and write
|
||
|
58C0000
|
trusted library allocation
|
page read and write
|
||
|
4110000
|
heap
|
page read and write
|
||
|
4EDE000
|
stack
|
page read and write
|
||
|
6ADF4000
|
unkown
|
page read and write
|
||
|
6A0C000
|
heap
|
page read and write
|
||
|
A3D000
|
stack
|
page read and write
|
||
|
2930000
|
heap
|
page read and write
|
||
|
121F000
|
stack
|
page read and write
|
||
|
4FB0000
|
heap
|
page read and write
|
||
|
2580000
|
heap
|
page read and write
|
||
|
21C0A8AD000
|
heap
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
There are 320 hidden memdumps, click here to show them.